High-risk tools in Computer Use Windows
17 of the 22 tools in Computer Use Windows are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
double_clickExecuteDouble-click at the given coordinates. Selects a word in most text editors. ${FRONTMOST_GATE_DESC}
-
hold_keyExecutePress and hold a key or key combination for the specified duration, then release. ${FRONTMOST_GATE_DESC}
-
left_clickExecuteLeft-click at the given coordinates. ${FRONTMOST_GATE_DESC}
-
left_click_dragExecutePress, move to target, and release. ${FRONTMOST_GATE_DESC}
-
left_mouse_downExecutePress the left mouse button at the current cursor position and leave it held. ${FRONTMOST_GATE_DESC}
-
left_mouse_upExecuteRelease the left mouse button at the current cursor position. ${FRONTMOST_GATE_DESC}
-
middle_clickExecuteMiddle-click (scroll-wheel click) at the given coordinates. ${FRONTMOST_GATE_DESC}
-
mouse_moveExecuteMove the mouse cursor without clicking. Useful for triggering hover states. ${FRONTMOST_GATE_DESC}
-
open_applicationExecuteBring an application to the front, launching it if necessary. The target application must already be in the session allowlist — call request_access first.
-
request_accessExecuteRequest user permission to control a set of applications for this session. Must be called before any other tool in this server.
-
request_teach_accessExecuteRequest permission to guide the user through a task step-by-step with on-screen tooltips.
-
right_clickExecuteRight-click at the given coordinates. Opens a context menu in most applications. ${FRONTMOST_GATE_DESC}
-
scrollExecuteScroll at the given coordinates. ${FRONTMOST_GATE_DESC}
-
switch_displayExecuteSwitch which monitor subsequent screenshots capture. Use this when the
-
triple_clickExecuteTriple-click at the given coordinates. Selects a line in most text editors. ${FRONTMOST_GATE_DESC}
-
typeExecuteType text into whatever currently has keyboard focus. ${FRONTMOST_GATE_DESC} Newlines are supported. For keyboard shortcuts use \
-
waitExecuteWait for a specified duration.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.