PREFERRED: Get the full UI element tree of an app via Accessibility. ~50ms, no screenshot/OCR. Use this FIRST to find elements — returns titles, roles, and bounds. Then use ui_press/ui_find to interact.
AI agents call ui_tree to retrieve information from ScreenHand without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
This tool retrieves structural information about UI elements without side effects. It enables discovery of what can be interacted with but does not itself execute commands, modify state, or trigger actions. The ~50ms performance note and comparison to screenshot-based alternatives indicate it is a lightweight information-gathering primitive. Classification as Read is appropriate.
From the tool's definition Tool description explicitly states 'Get the full UI element tree of an app via Accessibility' with no mention of modification, deletion, or execution. It returns 'titles, roles, and bounds' — pure data retrieval.
Documented attack patterns abuse exactly the kind of access ui_tree gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and ScreenHand, and nothing reaches the server without passing your rules. This is the rule we recommend for ui_tree:
{
"version": "1",
"default": "deny",
"tools": {
"ui_tree": {}
}
}ui_tree is read-only, so it stays allowed — but everything else on the server is denied unless you say otherwise.
Free to start. No card required.
PREFERRED: Get the full UI element tree of an app via Accessibility. ~50ms, no screenshot/OCR. Use this FIRST to find elements — returns titles, roles, and bounds. Then use ui_press/ui_find to interact. It is categorised as a Read tool in the ScreenHand MCP Server, which means it retrieves data without modifying state.
Register the ScreenHand MCP server in PolicyLayer and add a rule for ui_tree: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches ScreenHand. Nothing to install.
ui_tree is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the ui_tree rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for ui_tree. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
ui_tree is provided by the ScreenHand MCP server (manushi4/screenhand). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Start from ScreenHand, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.
Free to start. No card required.
89 ScreenHand tools catalogued and risk-classified — across an index of 43,000+ MCP servers.