High-risk tools in Chrome Profile MCP Server
13 of the 18 tools in Chrome Profile MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
clickExecuteClick an element by CSS selector
-
evaluate_jsExecuteExecute JavaScript code in the page context and return the result
-
go_backExecuteGo back in browser history
-
go_forwardExecuteGo forward in browser history
-
hoverExecuteHover over an element
-
navigateExecuteNavigate active tab to a URL
-
new_tabExecuteOpen a new tab, optionally navigating to a URL
-
press_keyExecutePress a keyboard key (e.g. Enter, Tab, Escape, ArrowDown)
-
reloadExecuteReload current page
-
scrollExecuteScroll the page or a specific element into view
-
select_optionExecuteSelect an option from a dropdown
-
switch_tabExecuteSwitch active tab by index
-
wait_forExecuteWait for an element to appear on the page
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.