High-risk tools in Computer Use MCP Server
22 of the 33 tools in Computer Use MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
computer_batchExecuteExecute a sequence of actions in ONE tool call.
-
double_clickExecuteDouble-click at the given coordinates. Selects a word in most text editors.
-
hold_keyExecutePress and hold a key or key combination for the specified duration, then release.
-
keyExecutePress a key or key combination (e.g.
-
keyboard_hotkeyExecutePress a keyboard shortcut (key combination).
-
keyboard_pressExecutePress a single named key. Supported keys: return, tab, space, delete, escape,
-
keyboard_typeExecuteType a text string character by character. Handles Unicode characters.
-
left_clickExecuteLeft-click at the given coordinates.
-
left_mouse_downExecutePress the left mouse button at the current cursor position and leave it held. Use mouse_move first to position the cursor. Call left_mouse_up to release.
-
left_mouse_upExecuteRelease the left mouse button at the current cursor position. Pairs with left_mouse_down.
-
middle_clickExecuteMiddle-click (scroll-wheel click) at the given coordinates.
-
mouse_clickExecuteClick the mouse at the specified screen coordinates (logical coordinates).
-
mouse_dragExecuteDrag the mouse from one point to another (logical coordinates).
-
mouse_moveExecuteMove the mouse cursor to the specified screen coordinates (logical coordinates).
-
mouse_scrollExecuteScroll the mouse wheel at the current or specified position. Positive amount scrolls up, negative scrolls down.
-
open_applicationExecuteOpen a macOS application by name. Examples:
-
right_clickExecuteRight-click at the given coordinates. Opens a context menu in most applications.
-
run_shell_commandExecuteExecute a shell command and return its output (stdout, stderr, return code).
-
scrollExecuteScroll at the given coordinates.
-
switch_displayExecuteSwitch which monitor subsequent screenshots capture.
-
triple_clickExecuteTriple-click at the given coordinates. Selects a line in most text editors.
-
waitExecuteWait for a specified duration in seconds.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.