High-risk tools in Scout
17 of the 32 tools in Scout are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
scout_backExecuteGo back in browser history.
-
scout_clickExecuteClick an element by its snapshot ID. Returns healer result describing what changed. If stateChange is
-
scout_dragExecuteDrag one element onto another.
-
scout_evaluateExecuteExecute JavaScript in the current page and return the result. Use for: reading page state, clicking elements blocked by shadow DOM overlays, interacting with Web Components, or ...
-
scout_forwardExecuteGo forward in browser history.
-
scout_handoffExecuteInject a banner in the live browser asking the user to take a manual action. Returns IMMEDIATELY with a handoff_id — does NOT block. Poll scout_handoff_check(handoff_id) every 5...
-
scout_handoff_cancelExecuteCancel a pending handoff and remove the banner from the browser.
-
scout_hoverExecuteHover over an element by its snapshot ID.
-
scout_loginExecuteLog in to a social platform automatically. Handles multi-step flows and unusual activity challenges. Auto-saves the session on success (no need to call scout_save_session). Twit...
-
scout_navigateExecuteNavigate to a URL. Returns {url, title} by default (lean). Set snapshot=true for full accessibility tree + screenshot (expensive — use only when you need to discover page struct...
-
scout_new_tabExecuteOpen a new browser tab, optionally navigating to a URL.
-
scout_press_keyExecutePress a keyboard key (e.g. Enter, Escape, ArrowDown, Backspace).
-
scout_refreshExecuteRefresh the current page.
-
scout_scrollExecuteScroll the page or a specific element (modal, dialog) in a direction. Use element_id to scroll within a container instead of the whole page.
-
scout_selectExecuteSelect an option from a dropdown/select element by its snapshot ID.
-
scout_switch_tabExecuteSwitch to a browser tab by index (from scout_tabs).
-
scout_waitExecuteWait for a page condition.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.