High-risk tools in Scrapeless
11 of the 21 tools in Scrapeless are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser_clickExecuteClick a specific element on the page. Restrictions: Requires a valid CSS selector for the target element. Valid: Click the button with selector
-
browser_createExecuteCreate or reuse a cloud browser session using Scrapeless. Updates the active session.
-
browser_go_backExecuteGo back one step in browser history. Restrictions: Only works if a previous page exists in the session history. Valid: After navigating from page A to B, go back to A. ...
-
browser_go_forwardExecuteGo forward one step in browser history. Restrictions: Only works after a
-
browser_gotoExecuteNavigate browser to a specified URL. Restrictions: Only for direct URL navigation, not for searches. Valid: Go to https://google.com. Invalid: Search for
-
browser_press_keyExecuteSimulate a key press. Restrictions: Must specify a valid key name; optional target selector. Valid: Press Enter in #search. Invalid: Press a key without specifying t...
-
browser_scrollExecuteScroll the current page to a specific position. Restrictions: Requires pixel coordinates for scrolling. Valid: Scroll to the bottom of the page (e.g., { x: 0, y: 10000 }...
-
browser_scroll_toExecuteScroll a specific element into view. Restrictions: Requires a valid CSS selector for the target element. Valid: Scroll to the element
-
browser_typeExecuteType text into a specified input field. Restrictions: Requires a CSS selector for an input/textarea and the text to type. Valid: Type
-
browser_waitExecutePause execution for a fixed duration. Restrictions: Requires a duration in milliseconds. Should be used sparingly. Valid: Wait for 2000 milliseconds. Invalid: Wait f...
-
browser_wait_forExecuteWait for a specific page element to appear. Restrictions: Requires a valid CSS selector for the element to wait for. Valid: Wait for the element
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.