High-risk tools in Claude TypeScript MCP Servers
29 of the 84 tools in Claude TypeScript MCP Servers are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
puppeteer_clear_inputExecuteClear an input field
-
batch_operationsExecuteExecute multiple file operations efficiently. Supports transactional mode (rollback on error) and parallel execution for read operations. Each operation result is returned indiv...
-
puppeteer_emulate_deviceExecuteEmulate a specific device
-
puppeteer_evaluateExecuteExecute JavaScript in the browser console
-
puppeteer_evaluate_in_frameExecuteExecute JavaScript in a specific frame
-
puppeteer_navigateExecuteNavigate to a URL
-
puppeteer_wait_for_functionExecuteWait for a JavaScript function to return true
-
puppeteer_wait_for_navigationExecuteWait for page navigation to complete
-
puppeteer_wait_for_selectorExecuteWait for an element to appear on the page
-
puppeteer_wait_for_timeoutExecuteWait for a specified amount of time
-
compress_filesExecuteCompress files into an archive. Supports zip, tar, and tar.gz formats. Requires appropriate tools (zip/tar) to be installed on the system.
-
puppeteer_go_backExecuteNavigate back in browser history
-
puppeteer_go_forwardExecuteNavigate forward in browser history
-
puppeteer_hoverExecuteHover over an element on the page
-
puppeteer_pdfExecuteGenerate PDF from the current page
-
puppeteer_reloadExecuteReload the current page
-
puppeteer_screenshotExecuteTake a screenshot of the current page or a specific element
-
puppeteer_search_across_framesExecuteSearch for elements across all frames
-
merge_pull_requestExecuteMerge a pull request
-
puppeteer_add_script_tagExecuteAdd a script tag to the page
-
puppeteer_authenticateExecuteSet HTTP authentication credentials
-
puppeteer_clickExecuteClick an element on the page
-
puppeteer_fillExecuteFill out an input field
-
puppeteer_keyboard_pressExecutePress a specific key or key combination
-
puppeteer_keyboard_typeExecuteType text with fine-grained control over typing speed
-
puppeteer_selectExecuteSelect an option from a select element
-
puppeteer_set_viewportExecuteSet the viewport size of the page
-
puppeteer_switch_to_frameExecuteSwitch context to a specific frame
-
puppeteer_switch_to_main_frameExecuteSwitch context back to the main frame
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.