High-risk tools in BrowserMCP
5 of the 44 tools in BrowserMCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser_execute_jsExecuteExecute JavaScript code in the context of the current page and return the result.
-
browser_navigateExecuteNavigate to a URL in the browser and return page content. Uses the user
-
browser_new_tabExecuteOpen a new browser tab.
-
browser_new_windowExecuteOpen a new browser window.
-
browser_wait_forExecuteWait for an element matching a CSS selector to appear on the page.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.