High-risk tools in Mcp
17 of the 51 tools in Mcp are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser_assert_layoutExecuteRun numeric layout assertions against getBoundingClientRect() for a target element.
-
browser_auth_from_api_loginExecuteAuthenticate frontend state by API login and persist tokens into localStorage for the current browser origin.
-
browser_clickExecuteClick an element in the current browser session.
-
browser_fillExecuteFill an input, textarea, or contenteditable-compatible field.
-
browser_inspect_pageExecuteHigh-level frontend inspection workflow: open session, optionally auth, navigate, inspect, capture artifacts, and close session.
-
browser_navigateExecuteNavigate the current browser page to an absolute or baseUrl-relative URL.
-
browser_open_account_homeExecuteOpen the authenticated account home page in a new browser session and keep the session alive for follow-up actions.
-
browser_open_profile_pageExecuteOpen the authenticated profile page in a new browser session and keep the session alive for follow-up actions.
-
browser_open_security_pageExecuteOpen the authenticated security page in a new browser session and keep the session alive for follow-up actions.
-
browser_open_sessionExecuteCreate a stateful browser session backed by Playwright Chromium.
-
browser_pressExecutePress a keyboard key on the page or a focused selector.
-
browser_wait_forExecuteWait for a selector, load state, or URL condition inside an existing browser session.
-
call_api_by_swaggerExecuteCall a Swagger operation by operationId. Auth header is injected automatically from MCP session.
-
call_api_rawExecuteMake a raw HTTP request with full control over method, URL construction, headers, query params, body mode, and response parsing.
-
monitoring_latency_reportExecuteBuild nginx latency report from remote access logs (same rt= metric as Grafana Outvento Response Time). Use when asked to review latency/performance report.
-
vitour_ensure_serverExecuteEnsure the local Vitour static HTTP server is running (python3 -m http.server) and return baseUrl.
-
vitour_open_pageExecuteStart Vitour static server, open a Playwright session on a Vitour page, and keep the session open for follow-up browser_* tools.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.