High-risk tools in Hermes Computer Use
26 of the 38 tools in Hermes Computer Use are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
backExecuteBrowser back (alt+Left).
-
clear_fieldExecuteSelect all text in the focused widget and delete it. Handy before
-
dom_clickExecuteClick the element matching the CSS selector. Faster and more
-
dom_evalExecuteEvaluate arbitrary JavaScript in the page context and return the
-
dom_typeExecuteSet the value of an input / textarea / contenteditable matching the
-
dom_waitExecutePoll until the selector matches at least one visible element, or
-
double_clickExecuteMove to (x,y) then double left-click.
-
dragExecutePress-and-hold left button at (x1,y1), drag to (x2,y2), release.
-
forwardExecuteBrowser forward (alt+Right).
-
hold_keyExecuteHold a key down for ms milliseconds, then release. Same key naming
-
left_clickExecuteMove to (x,y) then single left-click.
-
middle_clickExecuteMove to (x,y) then single middle-click (typically opens link in new tab).
-
moveExecuteMove the cursor to (x,y). Set human=False for an instant jump.
-
new_tabExecuteOpen a new Chrome tab to url.
-
open_urlExecuteFocus Chrome's address bar and load a URL.
-
pasteExecutePaste the clipboard into the focused widget (ctrl+v).
-
press_keyExecutepress_key
-
redoExecuteRedo the last undone edit (ctrl+shift+z).
-
reloadExecuteReload page. hard=True for ctrl+shift+R.
-
right_clickExecuteMove to (x,y) then single right-click.
-
run_shellExecuteRun a shell command inside WSL (for ops like `ls`, `curl`, file ops).
-
scrollExecuteScroll wheel at cursor (or at given x/y if provided). amount = click count.
-
select_allExecuteSelect all content in the focused widget (ctrl+a).
-
type_textExecuteType unicode text into whatever widget currently has focus.
-
undoExecuteUndo the last edit in the focused widget (ctrl+z).
-
waitExecuteSleep for ms milliseconds (useful to wait for page loads/animations).
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.