High-risk tools in BrowserPilot MCP
13 of the 22 tools in BrowserPilot MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
clickExecuteClick an element on the page
-
dragExecuteDrag from one point to another
-
ensure_active_tabExecute确保存在一个可用且激活的浏览器 tab。如果当前窗口已有 active tab 则直接复用;如果没有任何 tab 但浏览器进程仍在,则新建 tab;如果连窗口都没有,会按 platform 启动 Chrome(macOS: open -a Google Chrome;Linux: xdg-open;Windows: rundll32.exe url.d...
-
evaluate_scriptExecuteEvaluate JavaScript on the page via chrome.scripting.executeScript. The script runs with extension execution semantics and must return a JSON-serializable value; returnByValue i...
-
fill_formExecuteFill multiple form fields at once
-
handle_dialogExecuteHandle a JavaScript dialog (alert, confirm, prompt)
-
hoverExecuteHover over an element
-
navigate_pageExecuteNavigate to a URL in the browser
-
new_pageExecuteOpen a new browser tab
-
press_keyExecutePress a keyboard key
-
resize_pageExecuteResize the browser window
-
type_textExecuteType text into an input field
-
wait_forExecuteWait for a visible element matching a CSS selector. JavaScript conditions are not supported; use evaluate_script explicitly when script execution is intended.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.