High-risk tools in Browser
32 of the 63 tools in Browser are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser_clickExecuteClick an element on the page using Playwright selector (see browser_docs)
-
browser_console_startExecuteStart capturing browser console logs (console.log, console.error, console.warn, etc.) (see browser_docs)
-
browser_control_mediaExecuteControl a media element (play, pause, seek, mute) (see browser_docs)
-
browser_evaluateExecuteExecute JavaScript in the browser context (see browser_docs)
-
browser_focusExecuteFocus an element (see browser_docs)
-
browser_go_backExecuteNavigate back in history (see browser_docs)
-
browser_go_forwardExecuteNavigate forward in history (see browser_docs)
-
browser_hoverExecuteHover over an element (see browser_docs)
-
browser_mouse_clickExecuteClick the mouse at specific coordinates or on current position (see browser_docs)
-
browser_mouse_dragExecuteDrag from one position to another (see browser_docs)
-
browser_mouse_moveExecuteMove the mouse to specific coordinates (see browser_docs)
-
browser_mouse_wheelExecuteScroll the mouse wheel (see browser_docs)
-
browser_navigateExecuteNavigate to a URL in the browser (see browser_docs)
-
browser_net_emulate_conditionsExecuteEmulate network conditions (throttling) (see browser_docs)
-
browser_net_set_request_blockingExecuteBlock requests matching URL patterns (see browser_docs)
-
browser_net_start_monitoringExecuteStart monitoring network requests with detailed timing (see browser_docs)
-
browser_net_stop_monitoringExecuteStop network monitoring and clear request log (see browser_docs)
-
browser_new_pageExecuteOpen a new browser page (tab) (see browser_docs)
-
browser_perf_start_coverageExecuteStart tracking CSS and JavaScript code coverage (see browser_docs)
-
browser_perf_start_profileExecuteStart CPU profiling to track JavaScript execution (see browser_docs)
-
browser_perf_stop_profileExecuteStop CPU profiling and get profile data (see browser_docs)
-
browser_press_keyExecuteSend a keyboard event (press a key) (see browser_docs)
-
browser_reloadExecuteReload the current page (see browser_docs)
-
browser_resize_windowExecuteResize the browser window (useful for testing responsiveness) (see browser_docs)
-
browser_scrollExecuteScroll the page (see browser_docs)
-
browser_sec_stop_csp_monitoringExecuteStop CSP monitoring and clear violations (see browser_docs)
-
browser_selectExecuteSelect options in a dropdown (see browser_docs)
-
browser_start_video_recordingExecuteStart recording browser session as video (see browser_docs)
-
browser_switch_pageExecuteSwitch to a different browser page (tab) (see browser_docs)
-
browser_typeExecuteType text into an input field (see browser_docs)
-
browser_waitExecutePause execution for a duration (see browser_docs)
-
browser_wait_for_selectorExecuteWait for an element to appear on the page (see browser_docs)
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.