audit_url

Layer 0 render-and-capture audit: renders a LIVE URL at each viewport×theme, scroll-settles (fires whileInView/IntersectionObserver reveals; plays preload=none videos), fires hover/click/focus interactions, and captures real pixels + the rendered DOM. Then runs the existing audit_page rule engine...

Server Raven raven-mcp
Category Execute
Risk class High
Parameters 91 required

What audit_url does on Raven

AI agents invoke audit_url to trigger actions in Raven. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.

ParameterTypeRequiredDescription
url string Yes URL to render and audit (http/https or file://)
themes array Themes to toggle (prefers-color-scheme + data-theme/class). Default: ['light','dark']
compact boolean Drop per-capture base64 screenshots; keep findings, counts, and summary. Default false. Use when screenshots would blow the tool-result budget.
timeoutMs number Per-navigation timeout in ms. Default: 30000
viewports array Viewports to render. Default: iphone 393×852, desktop 1440×900, wide 2160×1200
interactions array Fire each interaction before capture; the resulting state is diffed against baseline to catch hover/click white-wash and obscured content.
scroll_settle boolean Scroll to bottom to fire reveal-on-scroll/IntersectionObserver content and play videos before capture. Default: true
containerMaxWidth number Your design system's canonical container width in px — makes the max-width check token-aware.
includeScreenshots boolean Include the base64 full-page PNG per capture in the result. Default: false (screenshots are large).

Parameters from the server's own tool schema.

Why audit_url needs a policy

This tool actively renders live URLs in a browser environment, fires real interactions (hover, click, focus), plays videos, and captures DOM state — all of which constitute executing external operations against live systems.

From the tool's definition renders a LIVE URL at each viewport×theme, scroll-settles, fires hover/click/focus interactions, and captures real pixels + the rendered DOM

Risk signalsAccepts URL/endpoint input (url) · High parameter count (15 properties) · Bulk/mass operation — affects multiple targets

Questions about audit_url

What does the audit_url tool do? +

Layer 0 render-and-capture audit: renders a LIVE URL at each viewport×theme, scroll-settles (fires whileInView/IntersectionObserver reveals; plays preload=none videos), fires hover/click/focus interactions, and captures real pixels + the rendered DOM. Then runs the existing audit_page rule engine, per-element WCAG contrast, responsive-visibility (desktop-shown/mobile-hidden), blank-media detection, sliced-image edge symmetry, and hover-state white-wash detection over the captures. Every finding is tagged confirmed | likely-artifact | inconclusive with its evidence, ranked by severity. This is the tool that catches real-world visual nits invisible to HTML-string/geometry audits: cropped images, blank videos, hover white-wash, sliced exports, and hidden-on-mobile content. Requires headless chromium. It is categorised as a Execute tool in the Raven MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

What parameters does audit_url accept? +

audit_url accepts 9 parameters: url, themes, compact, timeoutMs, viewports, interactions, scroll_settle, containerMaxWidth, includeScreenshots. Required: url. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on audit_url? +

Register the Raven MCP server in PolicyLayer and add a rule for audit_url: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Raven. Nothing to install.

What risk level is audit_url? +

audit_url is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit audit_url? +

Yes. Add a rate_limit block to the audit_url rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block audit_url completely? +

Set action: deny in the PolicyLayer policy for audit_url. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides audit_url? +

audit_url is provided by the Raven MCP server (raven-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.