High-risk tools in OODA Computer Control
32 of the 99 tools in OODA Computer Control are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
batch_exec_cliExecuteExecute multiple shell commands in parallel.
-
batch_keyboard_actionsExecuteExecute sequence of keyboard actions (type, press, shortcut, wait).
-
batch_mouse_actionsExecuteExecute sequence of mouse actions (move, click, drag, scroll, wait).
-
evaluate_jsExecuteExecute JavaScript code in the page context.
-
exec_cliExecuteExecute shell commands on the host system (YOLO mode)
-
execute_codeExecuteExecute code in memory without saving to file. Supports python, node, r, powershell, bash.
-
keyboard_shortcutExecuteExecute keyboard shortcut (e.g.,
-
launch_applicationExecuteLaunch an application by path or name.
-
launch_browserExecuteLaunch a browser instance (Puppeteer or Playwright). Toggles headless mode.
-
navigate_pageExecuteNavigate to a URL and wait for load.
-
start_processExecuteStart a new interactive process session. Returns a sessionId for subsequent interactions. Use for long-running processes, REPLs, SSH, or any process requiring stdin/stdout inter...
-
stop_searchExecuteStop a search session and cleanup resources.
-
waitExecuteWait/sleep for specified milliseconds. Use in action sequences.
-
wait_for_windowExecuteWait for a window to appear. Matches process name or window title.
-
focus_windowExecuteBring a window to the foreground by title or PID.
-
maximize_windowExecuteMaximize the active or specified window.
-
minimize_windowExecuteMinimize a window or all windows.
-
notifyExecuteShow a system notification.
-
click_elementExecuteClick an element identified by CSS/XPath selector.
-
close_browserExecuteClose the browser instance and cleanup.
-
interact_with_processExecuteSend input to a running process session. Input is written to the process stdin.
-
keyboard_pressExecutePress a key with optional modifiers (ctrl, alt, shift).
-
keyboard_typeExecuteType text as keyboard input.
-
mouse_clickExecuteClick mouse button at position. Supports double-click.
-
mouse_dragExecuteDrag from one position to another.
-
mouse_moveExecuteMove mouse cursor to coordinates.
-
mouse_scrollExecuteScroll mouse wheel.
-
move_windowExecuteMove the active or specified window.
-
resize_windowExecuteResize the active or specified window.
-
restore_windowExecuteRestore a minimized/maximized window.
-
set_environmentExecuteSet an environment variable.
-
type_textExecuteType text into an input field.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.