High-risk tools in Web Bridge
13 of the 15 tools in Web Bridge are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
actExecuteExecute a natural language action. The AI will plan and perform multi-step operations in a single invocation, useful for transient UI interactions (e.g., Spotlight, dropdown men...
-
ClearInputExecuteClearInput action, the position of the placeholder or text content in the target input field. If there is no content, locate the center of the input field.. Parameters: locate? ...
-
CursorMoveExecuteCursorMove action, Move the text cursor (caret) left or right within an input field or text area. Use this to reposition the cursor without selecting text.. Parameters: directio...
-
DragAndDropExecuteDragAndDrop action, Pick up a specific UI element and move it to a new position (e.g., reorder a card, move a file into a folder, sort list items). The element itself moves with...
-
HoverExecuteHover action, Move the mouse to the element. Parameters: locate (object) - The element to be hovered
-
InputExecuteInput action, Input the value into the element. Parameters: value (string | number) - The text to input. Provide the final content for replace mode, only the inserted characters...
-
KeyboardPressExecuteKeyboardPress action, Press a key or key combination, like "Enter", "Tab", "Escape", or "Control+A", "Shift+Enter". Do not use this to type text.. Parameters: locate? (object) -...
-
RightClickExecuteRightClick action, Right click the element. Parameters: locate (object) - The element to be right clicked
-
ScrollExecuteScroll action, Scroll the page or a scrollable element to browse content. This is the preferred way to scroll on all platforms, including mobile. Supports scrollToBottom/scrollT...
-
SwipeExecuteSwipe action, Perform a touch gesture for interactions beyond regular scrolling (e.g., adjust a continuous control such as a slider, flip pages in a carousel, dismiss a notifica...
-
TapExecuteTap action, Tap the element. Parameters: locate (object) - The element to be tapped
-
web_connectExecuteConnect to web page. If URL provided, opens new tab; otherwise connects to current tab.
-
web_disconnectExecuteDisconnect from current web page and release browser resources
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.