High-risk tools in Scrapybara MCP
4 of the 5 tools in Scrapybara MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- act (Execute): Take action on a Scrapybara instance through an agent. The agent can control the instance with mouse/keyboard and bash commands.
- bash (Execute): Run a bash command in a Scrapybara instance.
- start_instance (Execute): Start a Scrapybara Ubuntu instance. Use it as a desktop sandbox to access the web or run code. Always present the stream URL to the user afterwards so they can watch the instanc...
- stop_instance (Execute): Stop a running Scrapybara instance.
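To make "controlling at the transport layer" concrete, the following is an added example, not PolicyLayer's code and not its YAML schema: a small gate that sits between an MCP client and the Scrapybara MCP server, inspects every client-to-server JSON-RPC message, and applies a per-tool action to `tools/call` requests for the four tools above. The policy table, the action names (allow, approve, deny), the fail-closed default for unlisted tools, the `approver` hook and the sample requests are all assumptions made for illustration; only the JSON-RPC `tools/call` shape is MCP's own.

```python
import json

# Constructed policy for the four high-risk Scrapybara MCP tools profiled above.
# "allow" forwards the call, "approve" holds it for a human, "deny" rejects it.
# Illustrative table and action names; not PolicyLayer's schema.
POLICY = {
    "act": "approve",            # agent gets mouse/keyboard and bash: keep a human in the loop
    "bash": "approve",           # arbitrary command execution inside the instance
    "start_instance": "allow",   # spins up a sandbox; low blast radius on its own
    "stop_instance": "approve",  # can kill a session another workflow depends on
}
DEFAULT_ACTION = "deny"  # fail closed: a tool the policy does not name is never forwarded


def decide(raw: str) -> dict:
    """Classify one client->server JSON-RPC message. Only tools/call is policed;
    other methods (initialize, tools/list, ...) pass through untouched.
    Matching is on the tool name the client sends, never on the server's
    self-reported description, which the server controls."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return {"action": "deny", "tool": None, "reason": "malformed JSON"}
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        return {"action": "deny", "tool": None, "reason": "not a JSON-RPC 2.0 object"}
    if msg.get("method") != "tools/call":
        return {"action": "allow", "tool": None, "reason": "not a tool call"}
    params = msg.get("params")
    tool = params.get("name") if isinstance(params, dict) else None
    if not isinstance(tool, str) or not tool:
        return {"action": "deny", "tool": None, "reason": "tools/call without a tool name"}
    action = POLICY.get(tool, DEFAULT_ACTION)
    return {"action": action, "tool": tool, "reason": f"policy entry for {tool}"}


def gate(raw: str, approver=None) -> tuple:
    """Return ("forward", raw) when the message may reach the server, otherwise
    ("reply", error_json) to send straight back to the client.
    `approver(tool, raw)` is a hypothetical hook returning True once a human has
    okayed an "approve" call; with no approver configured, "approve" degrades to deny."""
    d = decide(raw)
    if d["action"] == "allow":
        return ("forward", raw)
    if d["action"] == "approve" and approver is not None and approver(d["tool"], raw):
        return ("forward", raw)
    msg_id = None
    try:
        msg_id = json.loads(raw).get("id")  # echo the id so the client can correlate the error
    except (json.JSONDecodeError, AttributeError):
        pass
    err = {"jsonrpc": "2.0", "id": msg_id,
           "error": {"code": -32000, "message": f"blocked by policy: {d['reason']}"}}
    return ("reply", json.dumps(err))


# Constructed sample requests in the shape an MCP client sends over the transport.
BASH_CALL = json.dumps({"jsonrpc": "2.0", "id": 7, "method": "tools/call",
                        "params": {"name": "bash", "arguments": {"command": "id"}}})
LIST_CALL = json.dumps({"jsonrpc": "2.0", "id": 8, "method": "tools/list"})
UNKNOWN_CALL = json.dumps({"jsonrpc": "2.0", "id": 9, "method": "tools/call",
                           "params": {"name": "delete_everything", "arguments": {}}})

if __name__ == "__main__":
    for m in (BASH_CALL, LIST_CALL, UNKNOWN_CALL):
        print(decide(m))
        print(gate(m, approver=lambda tool, raw: tool == "bash"))
```

Two design points carry over to any real gate: decide on the tool name in the request rather than on the description the server advertised in `tools/list`, because a compromised or malicious server controls that text; and default to deny so that a tool added to the server after the policy was written does not silently become callable.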
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.