High-risk tools in MCP Camoufox
47 of the 102 tools in MCP Camoufox are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- batch_actions (Execute): Execute multiple actions in one call. Each action: {type, ref?, value?, text?, key?, url?}.
- browser_launch (Execute): Launch Camoufox stealth browser and navigate to URL. Browser persists between calls.
- evaluate (Execute): Execute JavaScript in page context.
- frame_evaluate (Execute): Execute JavaScript inside a specific frame/iframe.
- mouse_record (Execute): Start recording mouse positions (call mouse_replay later). Returns recorder handle.
- navigate (Execute): Navigate to a URL.
- navigate_and_snapshot (Execute): Navigate to URL then return snapshot — combined in one call.
- network_start (Execute): Start capturing network requests. With capture_bodies=true also records request/response
- session_warmup (Execute): Visit innocuous public sites (Google, Wikipedia) to build browsing history before targeting protected site. Helps with CF/DataDome IP scoring.
- tab_new (Execute): Open new tab.
- wait_and_snapshot (Execute): Wait for selector/text then return snapshot. Combines wait_for + browser_snapshot in one call.
- wait_for (Execute): Wait for element/text to appear or disappear.
- wait_for_any_of (Execute): Race multiple wait conditions — returns the first that matches, so the agent can branch immediately without sequential probes.
- wait_for_navigation (Execute): Wait for page load to complete.
- wait_for_network_idle (Execute): Wait until network is idle for N ms (no in-flight requests). Better than fixed timeouts for SPAs.
- wait_for_response (Execute): Wait for a network response matching a URL pattern.
- wait_for_url (Execute): Wait for URL to match a pattern.
- back_and_snapshot (Execute): Navigate back + return snapshot.
- check (Execute): Check checkbox or radio button.
- reload_and_snapshot (Execute): Reload page + return snapshot.
- storage_state_load (Execute): Load cookies + localStorage from a JSON file (created by storage_state_save). Bypass CF/login if session is fresh.
- click (Execute): Click element by ref ID from browser_snapshot. Auto JS-fallback for overlays.
- click_and_snapshot (Execute): Click element by ref + wait + return snapshot. Perfect for buttons that trigger navigation/dialog.
- click_and_wait (Execute): Click element then wait for navigation or selector. Atomic — fewer roundtrips than separate click + wait_for.
- click_role (Execute): Click element by ARIA role and name.
- click_text (Execute): Click element by visible text.
- click_turnstile (Execute): Auto-find and click Cloudflare Turnstile checkbox. Port of mcp-stealth-chrome
- dialog_handle (Execute): Set handler for next alert/confirm/prompt.
- drag_and_drop (Execute): Drag from one element to another.
- go_back (Execute): Navigate back in history.
- go_forward (Execute): Navigate forward in history.
- hover (Execute): Hover over element by ref ID.
- humanize_click (Execute): Click element with humanized mouse approach (3-step Bezier-like curve before click). Use for anti-bot pages.
- humanize_type (Execute): Type text with Gaussian-distributed delays between keystrokes (mean ~80ms, sigma ~30ms). Mimics human typing rhythm.
- inject_init_script (Execute): Inject a script that runs before every page load.
- login_classic (Execute): Composite login for classic email→password forms (Google, Microsoft, generic SSO).
- mouse_click_xy (Execute): Click at exact x,y coordinates. steps>0 adds interpolated pre-movement (human-like).
- mouse_drift (Execute): Random mouse movements over a duration — builds up mouse history before action (CF/DataDome behavior analysis).
- mouse_move (Execute): Move mouse to x,y. steps>0 interpolates path (human-like).
- mouse_replay (Execute): Replay last recorded mouse path with original timing.
- press_key (Execute): Press key or combo (Enter, Escape, Control+a, etc.).
- reload (Execute): Reload the current page.
- scroll (Execute): Scroll the page.
- select_option (Execute): Select option from <select> dropdown.
- set_viewport_size (Execute): Set viewport width and height.
- tab_select (Execute): Switch to a tab by index, or by url_contains (first tab whose URL contains the substring).
- type_text (Execute): Type text char by char via keyboard.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.