37 tools from the Leapfrog MCP Server, categorised by risk level.
View the Leapfrog policy →api_discover List JSON APIs the page has called. Captured automatically from XHR/fetch traffic. Classifies into: data, tracking, auth, cdn, ads. console_log View captured browser console messages (log, warn, error, info, debug). Console capture starts automatically when a session is created. Use level f... domain_knowledge Inspect what Leapfrog has learned about a website from previous visits. Shows stealth tier, wait strategy, block history, consent selector, API end... extract Extract data from the page without a full snapshot. Types: text (visible text), html (markup), title, url, js (evaluate JavaScript). Use target wit... 2/5 network_log View captured HTTP requests/responses for a session. Shows method, status, URL, size, and timing. Filter by URL pattern, method, status range, or c... pool_status Show pool stats, resource usage (memory, uptime), and all active session summaries. Shows per-session idle time. Sessions approaching 30-minute idl... profile_list List saved persistent browser profiles with their auth status. screenshot Capture a screenshot of the current page. Returns the image inline as base64. Optionally save to disk with savePath. session_list List all active browser sessions with their URLs and idle times. session_list_profiles List all saved authentication profiles. snapshot Re-snapshot the current page for fresh @eN refs. Use after 'act' when you need to re-orient, or scope to a region with 'selector'. Use 'selector' t... tabs_list List all open tabs in a session. Shows index, URL, title, and which tab is active. New tabs (popups, OAuth windows) are automatically tracked. act Perform a browser interaction: click, fill, type, check, select, press key, scroll, hover, mousemove, drag, upload, resize, back, forward. Use @eN ... 2/5 add_init_script Inject JavaScript that runs before every page load in a session. Persists across navigations (Playwright built-in behavior). Use for fingerprint ov... 4/5 api_export Generate an OpenAPI v3 spec from observed API traffic. Navigate pages first to capture traffic, then export. 2/5 diff Compare the current page state against the last snapshot for this session. Returns only what changed (additions, removals, changes) — massive token... 2/5 paginate Extract data across multiple pages in a single call. Handles click-next, infinite scroll, and URL-pattern pagination. Auto-detects 'next' buttons w... 2/5 profile_import_from_chrome Connect to your real Chrome browser via CDP, capture its auth cookies, and save them as a Leapfrog profile. This gives you real Google auth, reCAPT... 2/5 profile_warm Warm up a browser profile by browsing trusted sites (Google, Wikipedia, YouTube). Fresh profiles with zero history score near 0 on reCAPTCHA v3. A ... 2/5 session_create Create a new isolated browser session with its own cookies and state. Returns a short session ID (e.g. s_k3m7x1) to pass to all other tools. Each s... 3/5 session_create_batch Create multiple isolated browser sessions concurrently — 5-10x faster than sequential session_create calls. Optionally navigate each to a URL. Retu... 2/5 session_export Export session action history as a replayable recording. Creates a JSON script from all mutating actions with @eN refs resolved to stable selectors... 2/5 session_export_trace Export a Playwright trace file for a session. Requires LEAP_TRACE=true. The trace can be viewed at trace.playwright.dev for detailed action timeline. 2/5 session_health Check if a session is healthy (browser connected, page responsive). Omit sessionId to check all sessions. Quick diagnostic for debugging. 2/5 session_memory Recall what actions were performed in this session. Useful after context window compression to recover lost context. 2/5 session_replay Replay a recording in the current session. Executes each step directly against the browser. Override {{placeholder}} params with the params object.... 2/5 session_save_profile Save a session's cookies and auth state to disk. Use this after logging in to a site so future sessions can restore that login. Pass the returned p... 2/5 tab_close Close a tab by index. Defaults to the active tab. Cannot close the last remaining tab. Returns a snapshot of the new active tab. 2/5 tab_switch Switch to a different tab by index. Use -1 to switch to the most recently opened tab (useful for popups). Returns a snapshot of the newly active tab. 2/5 network_intercept Add or remove network intercept rules. Block requests (ads, trackers), mock API responses, or log specific traffic. Use action='remove' with ruleId... 4/5 profile_delete Delete a saved persistent browser profile and all its data. 4/5 session_destroy Close and clean up a browser session. Frees a pool slot. 4/5 batch_actions Execute multiple browser actions sequentially in a single MCP call. Eliminates round-trip overhead for humanization sequences (e.g. Bezier mouse pa... 3/5 execute Run a Playwright script with access to { page, context }. One tool call replaces 5-20 sequential MCP round trips. Use for complex flows with condit... 4/5 navigate Navigate to a URL and return a compact accessibility snapshot with @eN refs. Refs like @e1, @e2 can be passed directly to the 'act' tool — no CSS s... 3/5 wait_for Wait for a condition before proceeding. Supports: element visible, text appears, network idle, URL navigation, JS expression truthy. Returns a fres... 4/5 wait_for_human Pause and request human intervention. Shows the @..@ overlay with your reason. Use when you encounter a CAPTCHA, login wall, or any situation requi... 3/5 The Leapfrog MCP server exposes 37 tools across 4 categories: Read, Write, Destructive, Execute.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Leapfrog server.
Leapfrog tools are categorised as Read (12), Write (17), Destructive (3), Execute (5). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept