High-risk tools in ApiTap

High severity ApiTap MCP Server 6 of 12 tools

6 of the 12 tools in ApiTap are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

apitap_capture_start Execute

Start an interactive capture session. Launches browser, begins capturing API traffic.
apitap_auth_request Execute

Open a visible browser for human login (handles 2FA, CAPTCHAs).
apitap_capture Execute

Launch a browser to capture a site\
apitap_capture_interact Execute

Drive a live capture session browser.
apitap_replay Execute

Call a captured API endpoint and return live data.
apitap_replay_batch Execute

Replay multiple captured endpoints in parallel across domains.

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

High-risk tools in ApiTap

Tools at high risk

Attacks that target this class

More on ApiTap

Enforce policy on every ApiTap tool call.