High-risk tools in MCP Developer Server
18 of the 58 tools in MCP Developer Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
create_containerExecuteCreate and start a new Docker container that runs indefinitely
-
create_dev_environmentExecuteCreate a development environment with pre-configured tools
-
execute_commandExecuteExecute a command in a running container
-
firecrawl_crawlExecutefirecrawl_crawl
-
inspect_containerExecuteInspects the container, and runs the command docker command
-
playwright_clickExecuteClick an element on a Playwright page
-
playwright_create_pageExecuteCreate a new page in a Playwright browser
-
playwright_launch_browserExecuteLaunch a new Playwright browser instance (chromium, firefox, or webkit). Supports headless, so try to use Headless.
-
playwright_navigateExecuteNavigate to a URL in a Playwright page
-
playwright_screenshotExecuteTake a screenshot of a Playwright page
-
playwright_typeExecuteType text into an element on a Playwright page
-
restart_containerExecuteRestart a container
-
selenium_clickExecuteClick an element using Selenium
-
selenium_launch_driverExecuteLaunch a Selenium WebDriver (chrome or firefox)
-
selenium_navigateExecuteNavigate to a URL using Selenium
-
selenium_typeExecuteType text into an element using Selenium
-
start_containerExecuteStart a stopped container
-
stop_containerExecuteStop a running container (without removing it)
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.