High-risk tools in Taw Computer
15 of the 36 tools in Taw Computer are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- browser_eval (Execute): Run a JavaScript expression in the page context and return the result.
- browser_navigate (Execute): Navigate the sandbox Chrome to a URL via CDP (Playwright). Returns final URL and page title.
- browser_run_test (Execute): Run a Playwright test script against the browser inside a VM. Has
- browser_wait_for (Execute): Wait until a condition holds (selector visible, text appears, or network idle).
- exec (Execute): Run a shell command inside the sandbox. Returns combined stdout+stderr. Use for any CLI work: git, npm, pip, apt, curl, etc.
- vm_restart (Execute): Restart a sandbox. Stops and starts the container — all files, databases, and installed packages are preserved. Only processes are restarted.
- browser_click_ref (Execute): Click an element by its ref number from the most recent browser_snapshot.
- browser_open (Execute): Open Chrome inside the sandbox (or navigate the existing tab) at the given URL, then return a JPEG screenshot.
- browser_type_ref (Execute): Focus an element by ref and type text into it. Set submit=true to press Enter after.
- desktop_click (Execute): Click at (x,y) on the sandbox desktop. button=1 left, 2 middle, 3 right.
- desktop_drag (Execute): Drag from (from_x, from_y) to (to_x, to_y) on the sandbox desktop.
- desktop_key (Execute): Press a key combo via xdotool, e.g.
- desktop_scroll (Execute): Scroll at (x,y).
- desktop_type (Execute): Type text into the focused window via xdotool.
- vm_create (Execute): Create a new sandbox (isolated Ubuntu mini-computer with shell, Chrome + CDP, VNC, xfce4). IMPORTANT: Before creating, check if the user has saved snapshots by looking at the
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.