High-risk tools in Browserbase MCP Server
5 of the 12 tools in Browserbase MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browserbase_session_closeExecuteCloses the current Browserbase session by properly shutting down the Stagehand instance, which handles browser cleanup and terminates the session recording.
-
browserbase_session_createExecuteCreate or reuse a single cloud browser session using Browserbase with fully initialized Stagehand. WARNING: This tool is for SINGLE browser workflows only. If you need multiple ...
-
browserbase_stagehand_actExecutePerforms an action on a web page element. Act actions should be as atomic and
-
browserbase_stagehand_navigateExecuteNavigate to a URL in the browser. Only use this tool with URLs you
-
multi_browserbase_stagehand_session_createExecuteCreate parallel browser session for multi-session workflows. Use this when you need multiple browser instances running simultaneously: parallel data scraping, concurrent automat...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.