High-risk tools in Puppeteer MCP Server

High severity Puppeteer MCP Server MCP Server 7 of 8 tools

7 of the 8 tools in Puppeteer MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

puppeteer_evaluate Execute

Execute JavaScript in the browser console
puppeteer_navigate Execute

Navigate to a URL
puppeteer_click Execute

Click an element on the page
puppeteer_connect_active_tab Execute

Connect to an existing Chrome instance with remote debugging enabled
puppeteer_fill Execute

Fill out an input field
puppeteer_hover Execute

Hover an element on the page
puppeteer_select Execute

Select an element on the page with Select tag

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Runaway Tool Loops
Prompt Injection via Tool Results

High-risk tools in Puppeteer MCP Server

Tools at high risk

Attacks that target this class

More on Puppeteer MCP Server

Enforce policy on every Puppeteer MCP Server tool call.