Input action, Input the value into the element. Parameters: value (string | number) - The text to input. Provide the final content for replace mode, only the inserted characters for typeOnly mode, or an empty string when using clear mode to remove existing text.; locate? (object) - the position o...
AI agents invoke Input to trigger actions in Web Bridge. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
| Parameter | Type | Required | Description |
|---|---|---|---|
mode | string | — | Input mode: "replace" (default) - clear the field and input the value; "typeOnly" - type the value directly without clearing the field first, and should be set |
value | string | number | Yes | The text to input. Provide the final content for replace mode, only the inserted characters for typeOnly mode, or an empty string when using clear mode to remov |
locate | object | — | the position of the placeholder or text content in the target input field. If there is no content, locate the center of the input field. |
web.url | string | — | URL to open in new tab (omit to use current page) |
web.aiActContext | string | — | Background knowledge passed to aiAct. Default: no extra context. |
autoDismissKeyboard | boolean | — | If true, the keyboard will be dismissed after the input is completed. Do not set it unless the user asks you to do so. |
web.waitAfterAction | number | — | Wait time in milliseconds after each action execution. Default: 300ms. |
web.replanningCycleLimit | integer | — | Maximum number of replanning cycles for aiAct. Default: model adapter default. |
web.screenshotShrinkFactor | number | — | Screenshot shrink factor before sending images to AI. Default: 1; high values may reduce recognition quality, especially on mobile. |
Parameters from the server's own tool schema.
This tool performs browser automation by inputting text into web form fields, triggering external UI interactions. It can manipulate any input field in a browser session (forms, login fields, search boxes, etc.), which could lead to unintended submissions or data entry.
From the tool's definition Input action, Input the value into the element... clear the field and input the value; typeOnly - type the value directly without clearing
Risk signalsAccepts URL/endpoint input (web.url) · High parameter count (14 properties)
Attacks that exploit this kind of access
Input action, Input the value into the element. Parameters: value (string | number) - The text to input. Provide the final content for replace mode, only the inserted characters for typeOnly mode, or an empty string when using clear mode to remove existing text.; locate? (object) - the position of the placeholder or text content in the target input field. If there is no content, locate the center of the input field.; mode? (enum('replace', 'clear', 'typeOnly')) - Input mode: "replace" (default) - clear the field and input the value; "typeOnly" - type the value directly without clearing the field first, and should be set explicitly for incremental edits after moving the cursor; "clear" - clear the field without inputting new text.; autoDismissKeyboard? (boolean) - If true, the keyboard will be dismissed after the input is completed. Do not set it unless the user asks you to do so. It is categorised as a Execute tool in the Web Bridge MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Input accepts 9 parameters: mode, value, locate, web.url, web.aiActContext, autoDismissKeyboard, web.waitAfterAction, web.replanningCycleLimit, web.screenshotShrinkFactor. Required: value. The full parameter table on this page comes from the server's own tool schema.
Register the Web Bridge MCP server in PolicyLayer and add a rule for Input: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Web Bridge. Nothing to install.
Input is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the Input rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for Input. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
Input is provided by the Web Bridge MCP server (@midscene/web-bridge-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →