High-risk tools in VSCode Automation MCP
24 of the 61 tools in VSCode Automation MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
vscode_execute_commandExecuteExecute a VSCode command programmatically. Use this to trigger any command available in the Command Palette.
-
vscode_execute_scriptExecuteExecute arbitrary JavaScript code in the VSCode window context (like DevTools console). Has full access to document, window, and all globals. Returns the result as JSON.
-
vscode_go_to_definitionExecuteTrigger Go to Definition (F12) on the current cursor position.
-
vscode_hoverExecuteHover over an element for a specified duration to trigger hover effects.
-
vscode_initializeExecuteInitialize the VSCode automation driver. This is called automatically on first tool use, but can be called explicitly to pre-warm the connection.
-
vscode_trigger_completionExecuteTrigger IntelliSense/code completion (Ctrl+Space) and optionally wait for items.
-
vscode_trigger_hoverExecuteTrigger hover on an element and optionally wait for tooltip to appear. Returns tooltip content if found.
-
vscode_trigger_signature_helpExecuteTrigger signature help (Ctrl+Shift+Space) and get parameter info.
-
vscode_wait_for_elementExecuteWait for an element to appear or disappear. Useful for waiting for UI updates after actions.
-
vscode_wait_for_idleExecuteWait for VSCode to become idle (no pending operations, document ready, no busy indicators).
-
vscode_dismiss_notificationExecuteDismiss a notification by clicking its close button. Can target by index or message text.
-
vscode_focus_elementExecuteFocus a UI element by CSS selector. Optionally scrolls the element into view first.
-
vscode_click_elementExecuteClick a UI element in VSCode by CSS selector, XPath, accessibility label, or text content. Supports single click, double click, and right click.
-
vscode_click_menu_itemExecuteClick a menu item by its text label.
-
vscode_drag_dropExecuteDrag an element and drop it onto another element. Useful for reordering tabs, tree items, etc.
-
vscode_handle_dialogExecuteHandle modal dialogs like InputBox, QuickPick, or confirmation dialogs. Can submit text or dismiss.
-
vscode_open_context_menuExecuteOpen a context menu (right-click menu) on an element.
-
vscode_open_fileExecuteOpen a file in the VSCode editor. Optionally navigate to a specific line and column position.
-
vscode_open_webviewExecuteOpen a webview panel by its title or command. Webviews are used by extensions for custom UI.
-
vscode_press_keysExecutePress keyboard keys or key combinations (e.g.,
-
vscode_scrollExecuteScroll an element or the page in a specified direction or to a position (top/bottom).
-
vscode_select_completion_itemExecuteSelect and accept a completion item by its label.
-
vscode_select_quick_pick_itemExecuteSelect an item from the QuickPick by text or index.
-
vscode_type_textExecuteType text into VSCode. Can type into the currently focused element or target a specific input by selector.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.