High-risk tools in Wmux
30 of the 80 tools in Wmux are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
a2a_task_cancelExecuteCancel a task you previously sent. Only the original sender can cancel.
-
a2a_task_sendExecuteAlias for send_message.
-
browser_clickExecuteClick an element identified by its ref number from the accessibility snapshot, or by a smartRef from browser_smart_snapshot.
-
browser_dialogExecutePre-register a handler for the next browser dialog (alert, confirm, prompt, beforeunload). The handler will automatically accept or dismiss the dialog when it appears.
-
browser_downloadExecuteClick an element (identified by ref) and capture the resulting download. Returns the downloaded file path.
-
browser_dragExecuteDrag an element from sourceRef to targetRef.
-
browser_emulateExecuteApply emulation settings to the browser page: offline mode, custom headers, HTTP credentials, geolocation, color scheme, timezone, locale, or device preset.
-
browser_evaluateExecuteEvaluate a JavaScript expression in the browser page context. Dangerous patterns (fetch, XHR, cookies, storage, eval, Function) are BLOCKED by default to mitigate prompt injecti...
-
browser_fillExecuteFill multiple form fields at once. Each field is identified by a ref number.
-
browser_hoverExecuteHover over an element identified by its ref number.
-
browser_navigateExecuteNavigate the browser page to a URL. Returns the final URL after navigation.
-
browser_navigate_backExecuteGo back in browser history. Returns the current URL after going back.
-
browser_openExecuteOpen a new browser panel in the active pane. Use this when no browser surface exists yet.
-
browser_press_keyExecutePress a keyboard key (e.g. Enter, Tab, Escape, ArrowDown, Control+a).
-
browser_resizeExecuteResize the browser viewport to the specified dimensions.
-
browser_scrollExecuteScroll the page or a scrollable element. Use direction and amount to control scrolling.
-
browser_scroll_into_viewExecuteScroll an element into the visible viewport.
-
browser_selectExecuteSelect option(s) in a <select> element by value.
-
browser_session_startExecuteStart a browser session with the specified profile
-
browser_session_stopExecuteStop the current browser session
-
browser_tabsExecuteManage browser tabs: list all tabs, open a new tab, select a tab, or close a tab.
-
browser_traceExecuteStart or stop Playwright tracing. Use
-
browser_typeExecuteType text into an element identified by its ref number.
-
browser_waitExecuteWait for a condition: URL pattern, CSS selector, text content, custom JS predicate, or network idle. Priority: url > selector > text > fn > networkidle.
-
browser_wait_for_downloadExecuteWait for a download event on the page. Optionally filter by filename.
-
company_a2a_broadcastExecuteBroadcast a message to ALL agents in the company. Use sparingly.
-
pane_splitExecuteSplit a leaf pane, creating a new sibling pane. Returns the new paneId (and a ptyWarning if a background PTY could not be pre-spawned). Omit workspaceId to split inside your own...
-
surface_newExecuteOpen a new surface (terminal) in the active pane of a workspace. Returns the new surfaceId + ptyId. Omit workspaceId to open in your own (the caller\
-
terminal_sendExecuteSend text to a terminal. By default the text is written as-is — no Enter is pressed, so a shell command or TUI chat prompt will sit on the input line without being committed. Pass
-
terminal_send_keyExecuteSend a named key to a terminal. Omit ptyId to target the active terminal. Use surface_list() to discover available PTY IDs.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.