High-risk tools in Rpcclient
14 of the 24 tools in Rpcclient are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
rpc_callExecuteExecute a generic rpcclient path call against the session's root client object.
-
rpc_click_by_contextExecuteClick the most relevant screen element for a natural-language intent.
-
rpc_click_labelExecuteClick a UI element by label (exact or fuzzy).
-
rpc_connectExecuteCreate an rpcclient session to a remote rpcserver target.
-
rpc_dismiss_overlaysExecuteDismiss known transient overlays (for example Safari auth sheets).
-
rpc_fill_signin_credentialsExecuteFill sign-in credentials with support for app-stage or Safari-overlay-stage password entry.
-
rpc_handle_callExecuteCall a method or read callable attribute from a stored handle object.
-
rpc_launch_appExecuteLaunch an app by bundle id or query; includes foreground verification result.
-
rpc_reconnectExecuteReconnect an existing session to recover from broken transport; clears stale handles.
-
rpc_release_handleExecuteRelease one stored object handle.
-
rpc_scrollExecuteScroll using HID swipe gestures.
-
rpc_tapExecuteTap by normalized screen coordinates, useful for focusing non-AX web fields.
-
rpc_type_focused_textExecuteType text into the currently focused element (useful when Safari overlay fields are not AX-exposed).
-
rpc_type_textExecuteType text by explicit label, semantic intent, or anchor-relative targeting.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.