High-risk tools in Opera DevTools MCP
25 of the 51 tools in Opera DevTools MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
clickExecuteClicks on the provided element
-
click_atExecuteClicks at the provided coordinates
-
dragExecuteDrag an element onto another element
-
emulateExecuteEmulates various features on the selected page.
-
evaluateExecuteEvaluates a JavaScript script
-
evaluate_scriptExecuteEvaluate a JavaScript function inside the currently selected page${cliArgs?.categoryExtensions ?
-
execute_3p_developer_toolExecuteExecutes a tool exposed by the page.
-
execute_webmcp_toolExecuteExecutes a WebMCP tool exposed by the page.
-
handle_dialogExecuteIf a browser dialog was opened, use this command to handle it
-
hoverExecuteHover over the provided element
-
install_extensionExecuteInstalls a Chrome extension from the given path.
-
navigateExecuteLoads a URL
-
navigate_pageExecuteGo to a URL, or back, forward, or reload. Use project URL if not specified otherwise.
-
new_pageExecuteOpen a new tab and load a URL. Use project URL if not specified otherwise.
-
opera_chatExecuteSend a chat prompt to Opera
-
opera_doExecuteInstruct Opera
-
performance_start_traceExecuteStart a performance trace on the selected webpage. Use to find frontend performance issues, Core Web Vitals (LCP, INP, CLS), and improve page load speed.
-
performance_stop_traceExecuteStop the active performance trace recording on the selected webpage.
-
press_keyExecutePress a key or key combination. Use this when other input methods like fill() cannot be used (e.g., keyboard shortcuts, navigation keys, or special key combinations).
-
reload_extensionExecuteReloads an unpacked Chrome extension by its ID.
-
resize_pageExecuteResizes the selected page
-
screencast_stopExecuteStops the active screencast recording on the selected page.
-
trigger_extension_actionExecuteTriggers the default action of an extension by its ID.
-
type_textExecuteType text using keyboard into a previously focused input
-
wait_forExecuteWait for the specified text to appear on the selected page.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.