High-risk tools in MCP Connect
11 of the 24 tools in MCP Connect are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
click_elementExecuteClick element by CSS selector
-
evaluate_javascriptExecuteExecute JavaScript code in page context
-
launch_browserExecuteLaunch browser instance (Chrome/Chromium)
-
navigateExecuteNavigate to URL (Metro bundler, Chrome DevTools, any web page)
-
open_metro_bundlerExecuteQuick shortcut to open React Native Metro bundler UI
-
open_urlExecuteOpens a URL in the simulator (supports app deep links and web URLs).
-
press_buttonExecutePresses a system button on the simulator (home, lock, siri, volume_up, volume_down). Note: siri and volume buttons require fb-idb.
-
reload_metroExecuteTrigger reload in Metro bundler
-
simulator_type_textExecuteTypes the specified text into the currently focused input field on the iOS simulator.
-
swipeExecutePerforms a swipe gesture on the simulator screen from (x1, y1) to (x2, y2).
-
tap_screenExecuteTaps the simulator screen at the specified coordinates (x, y).
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.