High-risk tools in ZMCPTools
15 of the 70 tools in ZMCPTools are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
force_unlock_stuck_jobsExecuteForce unlock all stuck scraping jobs (jobs that haven\
-
execute_browser_scriptExecute[LEGACY] Execute JavaScript in the browser context. Use interact_with_page instead.
-
execute_with_planExecuteExecute an objective using a pre-created execution plan with well-defined agent tasks
-
navigate_and_scrapeExecuteNavigate to a URL and optionally scrape content in one operation. Auto-creates session if needed.
-
navigate_to_urlExecute[LEGACY] Navigate to a URL in an existing browser session. Use navigate_and_scrape instead.
-
orchestrate_objective_structuredExecuteExecute structured phased orchestration with intelligent model selection (Research → Plan → Execute → Monitor → Cleanup)
-
broadcast_message_to_agentsExecuteBroadcast a message to multiple agents with auto-resume functionality
-
continue_agent_sessionExecuteContinue an agent session using stored conversation session ID with additional instructions
-
interact_with_elementExecute[LEGACY] Interact with a page element. Use interact_with_page instead.
-
interact_with_pageExecutePerform multiple interactions with a page: click, type, hover, select, screenshot, wait, scroll
-
orchestrate_objectiveExecuteSpawn architect agent to coordinate multi-agent objective completion
-
scrape_documentationExecuteScrape documentation from a website using intelligent sub-agents. Jobs are queued and processed automatically by the background worker. Supports plain string selectors for conte...
-
spawn_agentExecuteSpawn fully autonomous Claude agent with complete tool access
-
create_browser_sessionExecuteCreate a new browser session with intelligent auto-close and session management
-
manage_browser_sessionsExecuteManage browser sessions: list, close, cleanup idle sessions, get status
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.