Layer 0 render-and-capture audit: renders a LIVE URL at each viewport×theme, scroll-settles (fires whileInView/IntersectionObserver reveals; plays preload=none videos), fires hover/click/focus interactions, and captures real pixels + the rendered DOM. Then runs the existing audit_page rule engine...
AI agents invoke audit_url to trigger actions in Raven. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
| Parameter | Type | Required | Description |
|---|---|---|---|
url | string | Yes | URL to render and audit (http/https or file://) |
themes | array | — | Themes to toggle (prefers-color-scheme + data-theme/class). Default: ['light','dark'] |
compact | boolean | — | Drop per-capture base64 screenshots; keep findings, counts, and summary. Default false. Use when screenshots would blow the tool-result budget. |
timeoutMs | number | — | Per-navigation timeout in ms. Default: 30000 |
viewports | array | — | Viewports to render. Default: iphone 393×852, desktop 1440×900, wide 2160×1200 |
interactions | array | — | Fire each interaction before capture; the resulting state is diffed against baseline to catch hover/click white-wash and obscured content. |
scroll_settle | boolean | — | Scroll to bottom to fire reveal-on-scroll/IntersectionObserver content and play videos before capture. Default: true |
containerMaxWidth | number | — | Your design system's canonical container width in px — makes the max-width check token-aware. |
includeScreenshots | boolean | — | Include the base64 full-page PNG per capture in the result. Default: false (screenshots are large). |
Parameters from the server's own tool schema.
This tool actively renders live URLs in a browser environment, fires real interactions (hover, click, focus), plays videos, and captures DOM state — all of which constitute executing external operations against live systems.
From the tool's definition renders a LIVE URL at each viewport×theme, scroll-settles, fires hover/click/focus interactions, and captures real pixels + the rendered DOM
Risk signalsAccepts URL/endpoint input (url) · High parameter count (15 properties) · Bulk/mass operation — affects multiple targets
Attacks that exploit this kind of access
Layer 0 render-and-capture audit: renders a LIVE URL at each viewport×theme, scroll-settles (fires whileInView/IntersectionObserver reveals; plays preload=none videos), fires hover/click/focus interactions, and captures real pixels + the rendered DOM. Then runs the existing audit_page rule engine, per-element WCAG contrast, responsive-visibility (desktop-shown/mobile-hidden), blank-media detection, sliced-image edge symmetry, and hover-state white-wash detection over the captures. Every finding is tagged confirmed | likely-artifact | inconclusive with its evidence, ranked by severity. This is the tool that catches real-world visual nits invisible to HTML-string/geometry audits: cropped images, blank videos, hover white-wash, sliced exports, and hidden-on-mobile content. Requires headless chromium. It is categorised as a Execute tool in the Raven MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
audit_url accepts 9 parameters: url, themes, compact, timeoutMs, viewports, interactions, scroll_settle, containerMaxWidth, includeScreenshots. Required: url. The full parameter table on this page comes from the server's own tool schema.
Register the Raven MCP server in PolicyLayer and add a rule for audit_url: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Raven. Nothing to install.
audit_url is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the audit_url rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for audit_url. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
audit_url is provided by the Raven MCP server (raven-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →