High-risk tools in Windows-MCP
11 of the 15 tools in Windows-MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
Click-ToolExecuteClick on UI elements at specific coordinates. Supports left/right/middle mouse buttons and single/double/triple clicks. Use coordinates from State-Tool output.
-
Drag-ToolExecuteDrag and drop operation from source coordinates to destination coordinates. Useful for moving files, resizing windows, or drag-and-drop interactions.
-
Key-ToolExecutePress individual keyboard keys. Supports special keys like
-
Launch-ToolExecuteLaunch an application from the Windows Start Menu by name (e.g.,
-
Move-ToolExecuteMove mouse cursor to specific coordinates without clicking. Useful for hovering over elements or positioning cursor before other actions.
-
Powershell-ToolExecuteExecute PowerShell commands and return the output with status code
-
Resize-ToolExecuteResize a specific application window (e.g.,
-
Scroll-ToolExecuteScroll at specific coordinates or current mouse position. Use wheel_times to control scroll amount (1 wheel = ~3-5 lines). Essential for navigating lists, web pages, and long co...
-
Shortcut-ToolExecuteExecute keyboard shortcuts using key combinations. Pass keys as list (e.g., [
-
Switch-ToolExecuteSwitch to a specific application window (e.g.,
-
Type-ToolExecuteType text into input fields, text areas, or focused elements. Set clear=True to replace existing text, False to append. Click on target element coordinates first.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.