High-risk tools in WebControl
8 of the 20 tools in WebControl are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
clickExecuteClick an element by its ref ID (from get_page_content). Returns updated page content.
-
configure_network_captureExecuteconfigure_network_capture
-
create_sessionExecuteCreate a new browser session with isolated cookies and storage. Set enable_tracing=true to record a Playwright trace for debugging.
-
execute_jsExecuteExecute JavaScript on the current page. Returns updated page content.
-
fillExecuteFill a form field by its ref ID with the given value. Returns updated page content.
-
navigateExecutenavigate
-
selectExecuteSelect a dropdown option by its ref ID. Value can be option text or value. Returns updated page content.
-
submitExecuteSubmit a form by its ref ID (form element or submit button). Returns updated page content.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.