获取抖音浏览器会话的连接信息(CDP 端口、WebSocket 地址、Daemon 状态等)
AI agents call douyin_browser_info to retrieve information from Douyin Upload Mcp Skill without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
This tool queries and returns information about browser session connectivity without modifying or executing anything. However, the medium severity reflects that exposing Chrome DevTools Protocol connection details (WebSocket addresses, ports) could enable an agent to establish direct CDP connections and control the browser for unauthorized actions like credential theft or unauthorized publishing, despite the tool…
From the tool's definition Tool name and description indicate it retrieves connection metadata about an active browser session: 'CDP 端口、WebSocket 地址、Daemon 状态等' (CDP port, WebSocket address, Daemon status, etc.). The verb '获取' means 'obtain' or 'get', which is a read operation.
Documented attack patterns abuse exactly the kind of access douyin_browser_info gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Douyin Upload Mcp Skill, and nothing reaches the server without passing your rules. This is the rule we recommend for douyin_browser_info:
{
"version": "1",
"default": "deny",
"tools": {
"douyin_browser_info": {}
}
}douyin_browser_info is read-only, so it stays allowed — but everything else on the server is denied unless you say otherwise.
Free to start. No card required.
获取抖音浏览器会话的连接信息(CDP 端口、WebSocket 地址、Daemon 状态等). It is categorised as a Read tool in the Douyin Upload Mcp Skill MCP Server, which means it retrieves data without modifying state.
Register the Douyin Upload Mcp Skill MCP server in PolicyLayer and add a rule for douyin_browser_info: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Douyin Upload Mcp Skill. Nothing to install.
douyin_browser_info is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the douyin_browser_info rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for douyin_browser_info. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
douyin_browser_info is provided by the Douyin Upload Mcp Skill MCP server (wjz-p/douyin-upload-mcp-skill). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 8 Douyin Upload Mcp Skill tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
8 Douyin Upload Mcp Skill tools catalogued and risk-classified — across an index of 42,500+ MCP servers.