High-risk tools in Windows MCP Server
11 of the 25 tools in Windows MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
activate_windowExecuteActivate (bring to front) a window by title or handle
-
click_elementExecuteClick on a UI element using its label from get_desktop_state. More reliable than mouse_click for UI automation. Use the label number from the desktop state.
-
keyboard_pressExecutePress a specific key or key combination
-
keyboard_typeExecuteType text using the keyboard
-
launch_applicationExecuteLaunch an application by path or command
-
lock_screenExecuteLock the workstation
-
mouse_clickExecuteClick the mouse at current position or specified coordinates
-
mouse_moveExecuteMove the mouse cursor to specific coordinates
-
mouse_scrollExecuteScroll the mouse wheel
-
resize_windowExecuteResize and/or move a window
-
restartExecuteRestart the computer
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.