High-risk tools in Brave Browser MCP Server
18 of the 27 tools in Brave Browser MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
clickExecuteclick
-
dragExecuteDrags an element from source to target. Both accept CSS/XPath or ref=N from snapshot.
-
file_uploadExecuteUploads one or more files to a file input element.
-
fill_inputExecuteFills an input field instantly with the given text (clears existing content first).
-
handle_dialogExecuteHandles a JavaScript dialog (alert, confirm, prompt).
-
hoverExecuteHovers over an element. Useful for triggering tooltips or hover menus.
-
launch_browserExecuteLaunches the Brave browser. Must be called before any other tool.
-
navigateExecuteNavigates to a URL (e.g., 'https://youtube.com'). Adds https:// if missing.
-
navigate_backExecuteNavigates back to the previous page in history.
-
navigate_forwardExecuteNavigates forward to the next page in history.
-
press_keyExecutePresses a keyboard key. If selector is provided, focuses that element first.
-
refresh_pageExecuteReloads the current page.
-
resizeExecuteResizes the browser viewport to the given width and height in pixels.
-
right_clickExecuteRight-clicks an element to open the context menu (Save image as, Copy link, etc.).
-
select_optionExecuteSelects an option from a <select> dropdown by value or visible text.
-
tabsExecuteManages browser tabs.
-
type_textExecuteTypes text character-by-character into an element (simulates real typing).
-
wait_forExecuteWaits for an element to reach the specified state before continuing.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.