High-risk tools in Computer Use

High severity Computer Use MCP Server 11 of 15 tools

11 of the 15 tools in Computer Use are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

execute_bash Execute

Execute a bash command on the virtual computer.
initialize_computer Execute

Initialize a virtual computer with the provided API key.
restart_computer Execute

Restart the virtual computer.
wait Execute

Wait for the specified number of seconds.
double_click Execute

Perform a double click at the specified coordinates.
left_click Execute

Perform a left mouse click at the specified coordinates.
press_key Execute

Press a key or key combination (e.g., 'Enter', 'ctrl+c').
prompt Execute

Control the computer with natural language using an AI agent.
right_click Execute

Perform a right mouse click at the specified coordinates.
scroll Execute

Scroll in the specified direction and amount.
type_text Execute

Type the specified text into the virtual computer.

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Runaway Tool Loops
Prompt Injection via Tool Results

High-risk tools in Computer Use

Tools at high risk

Attacks that target this class

More on Computer Use

Enforce policy on every Computer Use tool call.