High-risk tools in CloakBrowser MCP Server
14 of the 24 tools in CloakBrowser MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
cloak_backExecuteNavigate back in browser history.
-
cloak_clickExecuteClick on an element identified by its ref ID from the snapshot (e.g.
-
cloak_consoleExecuteGet browser console output or evaluate JavaScript expression.
-
cloak_dragExecuteDrag an element from one position to another.
-
cloak_evaluateExecuteEvaluate JavaScript expression in the page context.
-
cloak_forwardExecuteNavigate forward in browser history.
-
cloak_hoverExecuteHover over an element identified by its ref ID.
-
cloak_launchExecuteLaunch a stealth CloakBrowser instance. Call this before any other cloak tool.
-
cloak_navigateExecuteNavigate to a URL and return a compact snapshot of the page.
-
cloak_pressExecutePress a keyboard key (Enter, Tab, Escape, ArrowDown, etc.).
-
cloak_scrollExecuteScroll the page in a direction.
-
cloak_select_optionExecuteSelect option(s) in a <select> element.
-
cloak_typeExecuteType text into an input field identified by its ref ID.
-
cloak_wait_forExecuteWait for an element or text to appear on the page.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.