High-risk tools in Chrome DevTools MCP
15 of the 26 tools in Chrome DevTools MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
clickExecuteClicks on the provided element
-
dragExecuteDrag an element onto another element
-
emulate_cpuExecuteEmulates CPU throttling by slowing down the selected page
-
emulate_networkExecuteEmulates network conditions such as throttling or offline mode on the selected page.
-
evaluate_scriptExecuteEvaluate a JavaScript function inside the currently selected page. Returns the response as JSON so returned values have to JSON-serializable.
-
handle_dialogExecuteIf a browser dialog was opened, use this command to handle it
-
hoverExecuteHover over the provided element
-
navigate_pageExecuteNavigates the currently selected page to a URL.
-
navigate_page_historyExecuteNavigates the currently selected page.
-
new_pageExecuteCreates a new page
-
performance_start_traceExecuteStarts a performance trace recording on the selected page. This can be used to look for performance problems and insights to improve the performance of the page. It will also re...
-
performance_stop_traceExecuteStops the active performance trace recording on the selected page.
-
resize_pageExecuteResizes the selected page
-
select_pageExecuteSelect a page as a context for future tool calls.
-
wait_forExecuteWait for the specified text to appear on the selected page.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.