High-risk tools in Nextjs Agent
18 of the 40 tools in Nextjs Agent are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
batchExecuteExecute several actions in ONE call, in order, each animated like a real user.
-
chrome_activate_tabExecuteBring a browser tab to the foreground by its
-
chrome_launchExecuteLaunch Chrome with remote debugging and a chosen profile directory (
-
chrome_open_tabExecuteOpen a new real browser tab at
-
claim_tabExecuteBind a browser tab to THIS agent so you can drive it. Give yourself a clear
-
clickExecuteClick an element by CSS selector, firing a real pointer+mouse+click sequence so React/MUI handlers run. Requires a connected tab.
-
evalExecuteExecute arbitrary JavaScript in the tab and return the serialized result. The snippet may
-
fillExecuteSet the value of a form control, choosing the right strategy automatically: text/email/number/textarea (typed via React native setter),
-
fill_formExecuteFill an entire form in a SINGLE call: pass
-
navigateExecuteNavigate a tab to a URL and return: a page
-
open_tabExecuteOpen a new browser tab at
-
reloadExecuteReload the current page in a tab. Pass
-
rerenderExecuteForce the nearest function component owning
-
select_optionExecuteOpen a composed dropdown/combobox and select the option matching
-
set_fieldExecuteFill a controlled input by BOTH the DOM native setter (input/change events — covers React Hook Form, MUI, uncontrolled) AND by invoking the element\
-
start_dev_serverExecuteSpawn
-
stop_dev_serverExecuteTerminate the dev server process started by start_dev_server.
-
wait_forExecutePoll a tab until a CSS selector appears or visible text is present, or timeout. Use after navigation or an action that triggers async rendering.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.