// MCP TOOL REFERENCE

JS REVERSE STRONG MCP TOOLS

85 tools from the JS Reverse Strong MCP MCP Server, categorised by risk level.

// ALL 85 JS REVERSE STRONG MCP TOOLS

READ 50 tools

Read decompile_wasm_module Disassemble a Wasm module to WAT using wabt/wasm2wat and summarize function-level behavior. Read risk_panel Build a combined risk score from analyzer, crypto detector and hook signals. Read summarize_wasm_boundary Build candidate JS -> memory bridge -> Wasm export -> sink chains for a captured Wasm module. Read analyze_wasm_module Analyze one Wasm module by session module ID, base64 payload, or artifact path. Read analyze_wasm_signature_diff Compare captured JS-Wasm boundary chains to highlight which query/body/header inputs vary like signature ma... Read analyze_websocket_messages Analyzes WebSocket messages and groups them by pattern/fingerprint. Essential for understanding binary/prot... Read check_browser_health Check browser connectivity and active page readiness before running reverse workflows. Read collect_code Collect JavaScript code from a page with smart modes (summary/priority/incremental/full). Read collect_wasm Collect Wasm modules from network responses and runtime instantiation hooks. Read collection_diff Compare previous and current collected file summaries. Read deobfuscate_code AI-assisted JavaScript deobfuscation. Read detect_crypto Detect cryptographic algorithms/libraries from JavaScript source. Read diff_env_requirements Compare local runtime failures with observed browser capabilities and suggest the next environment patches. Read dump_session_state Export a saved session snapshot as JSON, optionally writing to a file. Read find_clickable_elements Find clickable buttons/links, optionally filtered by text. Read find_in_script Finds a string in a specific script and returns its exact line/column position with surrounding context. Id... Read get_console_message Gets a console message by its ID. You can get all messages by calling ${listConsoleMessages.name}. Read get_dom_structure Get DOM tree structure for current page. Read get_hook_data Get captured data for one hook or all hooks. Supports raw view and summary view for noise reduction. Read get_network_request Gets a network request by an optional reqid, if omitted returns the currently selected request in the DevTo... Read get_paused_info Gets information about the current paused state including call stack, current location, and scope variables... Read get_performance_metrics Get page performance metrics from Performance API. Read get_request_initiator Gets the JavaScript call stack that initiated a network request. This helps trace which code triggered an A... Read get_script_source Gets the source code of a JavaScript script by its script ID. Supports line range (for normal files) or cha... Read get_storage Gets browser storage data including cookies, localStorage, and sessionStorage. Read get_websocket_message Gets a single WebSocket message by its frame index. Use get_websocket_messages or analyze_websocket_message... Read get_websocket_messages Gets messages for a WebSocket connection. IMPORTANT: For binary/protobuf messages (like live streaming), us... Read inspect_object Deeply inspects a JavaScript object, showing its properties, prototype chain, and methods. Useful for under... Read inspect_wasm_exports Summarize Wasm export usage and likely high-value entry points. Read list_breakpoints Lists all active breakpoints in the current debugging session. Read list_console_messages List all console messages for the currently selected page since the last navigation. Read list_frames Lists all frames (including iframes) in the current page as a tree. Shows frame index, name, and URL. Use s... Read list_hooks Lists all active function hooks. Read list_network_requests List all requests for the currently selected page since the last navigation. Read list_pages Get a list of pages open in the browser. Read list_scripts Lists all JavaScript scripts loaded in the current page. Returns script ID, URL, and source map information... Read list_session_states List all saved session snapshots in memory. Read list_stealth_features List available stealth feature toggles. Read list_stealth_presets List available stealth presets. Read list_wasm_modules List Wasm modules captured in the current session. Read list_websocket_connections List all WebSocket connections. After getting wsid, use analyze_websocket_messages(wsid) FIRST to understan... Read monitor_events Monitors DOM events on a specified element or window. Events will be logged to console. Read query_dom Query one or multiple elements by CSS selector. Read search_in_scripts Search in collected script cache with regex pattern. Read search_in_sources Searches for a string or regex pattern in all loaded JavaScript sources. Returns matching lines with script... Read summarize_code Summarize one code file, multiple files, or project-level context. Read take_screenshot Take a screenshot of the page or element. Read understand_code Analyze code structure/business/security with AI + static analysis. Read export_session_report Export current reverse-engineering session as JSON or Markdown. Read save_session_state Save current page session state (cookies/localStorage/sessionStorage) into in-memory snapshot.

WRITE 6 tools

Write remove_breakpoint Removes a breakpoint by its ID. Use list_breakpoints to see active breakpoints. Write remove_xhr_breakpoint Removes an XHR/Fetch breakpoint. Write load_session_state Load a session snapshot from JSON string or file into memory. Write record_reverse_evidence Append structured reverse-engineering evidence to a task artifact log. Write export_rebuild_bundle Export a local Node rebuild bundle from observed reverse-engineering evidence. Write set_user_agent Set custom user-agent for active page.

DESTRUCTIVE 2 tools

Destructive delete_session_state Delete one in-memory session snapshot by sessionId. Destructive remove_hook Remove a hook by id.

EXECUTE 27 tools

Execute evaluate_on_callframe Evaluates a JavaScript expression in the context of a specific call frame while paused. This allows you to ... Execute inject_preload_script Register a JavaScript snippet that will run on future document loads before page scripts execute. Use this ... Execute navigate_page Navigates the currently selected page to a URL, or performs back/forward/reload navigation. Waits for DOMCo... Execute new_page Creates a new page and navigates to the specified URL. Waits for DOMContentLoaded event (not full page load... Execute stop_monitor Stops an event monitor. Execute wait_for_element Wait for selector to appear. Execute analyze_target One-shot reverse workflow: collect code, run security/crypto analysis, optional deobfuscation, and hook tim... Execute break_on_xhr Sets a breakpoint that triggers when an XHR/Fetch request URL contains the specified string. Execute evaluate_script Evaluate a JavaScript function inside the currently selected page. Returns the response as JSON so returned... Execute hook_function RECOMMENDED for reverse engineering: Hooks a JavaScript function to log its calls, arguments, and return va... Execute inject_hook Inject an existing hook into the current page. Execute inject_stealth Inject anti-detection stealth scripts to current page. Execute pause Pauses JavaScript execution at the current point. Use this to interrupt running code. Execute step_into Steps into the next function call. Use this to enter and debug function bodies. Execute step_out Steps out of the current function, continuing until the function returns. Use this to quickly exit a function. Execute step_over Steps over to the next statement, treating function calls as a single step. Use this to move through code w... Execute trace_function Traces calls to a function by its name in the source code. Works for ANY function including module-internal... Execute unhook_function Removes a previously installed function hook. Execute click_element Click an element by selector. Execute create_hook RECOMMENDED: Create hook script for function/fetch/xhr/property/cookie/websocket/eval/timer. Hooks run with... Execute restore_session_state Restore a previously saved session snapshot to current page. Execute resume Resumes JavaScript execution after being paused at a breakpoint. Execution continues until the next breakpo... Execute select_frame Selects a frame (by index from list_frames) as the execution context for evaluate_script, hook_function, in... Execute select_page Select a page as a context for future tool calls. Execute set_breakpoint Sets a breakpoint in a JavaScript file at the specified line. The breakpoint will trigger when the code exe... Execute set_breakpoint_on_text Sets a breakpoint on specific code (function name, statement, etc.) by searching for it and automatically d... Execute type_text Type text into an input element.

// FAQ

How many tools does the JS Reverse Strong MCP MCP server have? +

The JS Reverse Strong MCP MCP server exposes 85 tools across 4 categories: Read, Write, Destructive, Execute.

How do I enforce policies on JS Reverse Strong MCP tools? +

Route the JS Reverse Strong MCP server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard; they are enforced on every call before it reaches the server.

What risk categories do JS Reverse Strong MCP tools fall into? +

JS Reverse Strong MCP tools are categorised as Read (50), Write (6), Destructive (2), Execute (27). Each category has a recommended default policy.

Enforce policy on every JS Reverse Strong MCP tool call.

Start from JS Reverse Strong MCP, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

CHECK YOUR STACK →

Free to start. No card required.

43,000+ MCP servers and 220,000+ tools scanned and risk-classified.