High-risk tools in Frx Director
6 of the 11 tools in Frx Director are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
agent_call_toolExecute★你(director)亲自跑一个浏览器引擎工具,跳过 DeepSeek worker —— 强模型直驱引擎级工具,比委派 worker 磨更快更准。
-
agent_sendExecute★director 的核心动作:把方向纠正作为下一条 user 消息发出去并起下一轮(=harness 的 advance)。
-
agent_startExecute开一个新的逆向会话:配置 worker 模型(默认沿用浏览器里已配的)+关掉工具确认门、(可选)导航到目标 URL、建工作目录、用便宜的 worker 模型以【AI 辅助模式】发出第一轮(task 作为第 0 条 user)。返回 tid,后续都用它。
-
agent_stopExecute砍掉 worker 当前这一轮(agentSession.stop)。用在:读到快照发现 worker 正冲向错误路线,想立刻截停并 agent_send 纠正、不想干等它 settle。进展已落盘(ledger/progress.md),停掉不丢持久状态。
-
agent_toolsExecute列出浏览器侧可用的逆向工具清单(名称/说明/是否需确认/参数名)——含 16 个引擎级逆向工具(signer_trace/jsvmp_trace/closure_read/webapi_trace/whitebox_diff/wasm_probe 等,页面检测不到)。
-
agent_wait_for_stopExecute阻塞轮询直到 worker 这一轮 settled(阶段门到了)。这是
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.