High-risk tools in Server
5 of the 21 tools in Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser_installExecuteInstall Playwright Chromium browser binary. Call this if you get an error about the browser not being installed.
-
calculateExecutePerform basic arithmetic operations
-
execute_sqlExecuteExecute a SQL query against the PostgreSQL database.
-
explain_queryExecuteRun EXPLAIN (ANALYZE, BUFFERS) on a SQL query to show the execution plan with actual timing,
-
generate_pdfExecuteGenerate a PDF from a web page URL using a headless Chromium browser.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.