High-risk tools in Macos Control
12 of the 22 tools in Macos Control are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
execute_javascriptExecuteRun JavaScript in the active browser tab. Much faster than screenshot+OCR for web pages. Returns the result.
-
launch_appExecuteOpen or focus a macOS application by name. Prefer batch_actions when combining with other actions.
-
batch_actionsExecutePREFERRED: Always use this tool instead of calling individual action tools (click_at, type_text, press_key, launch_app, etc.) one at a time. Combine multiple steps into a single...
-
click_atExecuteClick at x,y screen coordinates. Returns a screenshot by default (disable with return_screenshot=false). Use screenshot + screen_ocr to find coordinates first. Prefer batch_acti...
-
click_by_textExecuteClick a button, link, tab, radio, or checkbox by its visible text. Much more reliable than coordinate clicking. Scrolls element into view before clicking.
-
click_elementExecuteClick a named UI element in an app window. Returns a screenshot by default (disable with return_screenshot=false). Use get_ui_elements to discover element names. Prefer batch_ac...
-
double_click_atExecuteDouble-click at x,y screen coordinates. Returns a screenshot by default (disable with return_screenshot=false). Prefer batch_actions when combining with other actions.
-
open_urlExecuteOpen a URL in Safari or Chrome.
-
press_keyExecutePress a key combo (e.g. press
-
scrollExecuteScroll in the frontmost application. Prefer batch_actions when combining with other actions.
-
select_optionExecuteSelect a dropdown option by the dropdown
-
type_textExecuteType text using keyboard input. If app is specified, focuses that app first to ensure keystrokes go to the right place. Without app, types into the frontmost app. Prefer batch_a...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.