// MCP TOOL REFERENCE

gemini_navigate_to

打开指定的 Gemini 页面 URL（如特定会话链接）。仅允许 gemini.google.com 域名，其他域名会被拒绝。适用于需要恢复到某个历史会话继续对话的场景

ServerGemini Skill
CategoryExecute

WHAT GEMINI_NAVIGATE_TO ON GEMINI SKILL DOES

AI agents invoke gemini_navigate_to to trigger actions in Gemini Skill. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.

THE RISK

High Risk

Navigation via CDP is a browser action that executes external operations (changing page state, loading content, potentially triggering side effects like authentication flows or API calls). While limited to gemini.google.com domain, it remains an Execute category action because it triggers browser behavior with argument-dependent outcomes.

From the tool's definition Tool navigates to specified Gemini page URLs via CDP (Chrome DevTools Protocol) with domain validation. The description states '打开指定的 Gemini 页面 URL' (open specified Gemini page URL), which involves triggering browser navigation actions whose effects depend on…

Documented attack patterns abuse exactly the kind of access gemini_navigate_to gives an agent:

HOW TO CONTROL GEMINI_NAVIGATE_TO

PolicyLayer is an MCP gateway — it sits between your AI agents and Gemini Skill, and nothing reaches the server without passing your rules. This is the rule we recommend for gemini_navigate_to:

policy.json

{
  "version": "1",
  "default": "deny",
  "tools": {
    "gemini_navigate_to": {
      "limits": [
        {
          "counter": "gemini_navigate_to_rate",
          "window": "minute",
          "max": 10,
          "scope": "grant"
        }
      ]
    }
  }
}

gemini_navigate_to stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.

Create a free account and register Gemini Skill — nothing to install.
Add this policy — paste it, or build it visually.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

RATE-LIMIT THIS TOOL →

Free to start. No card required.

EXPLORE

More Gemini Skill tools

Execute gemini_new_chat 在 Gemini 中新建一个空白对话 Execute atlas_stream_message 通过 Atlas Cloud 流式接口验证 Streaming 能力，并在服务端聚合后返回完整文本 Execute gemini_reload_page 刷新 Gemini 页面（页面卡住或状态异常时使用） Execute gemini_temp_chat 进入 Gemini 临时对话模式（不保留历史记录，适合隐私场景）。注意：临时会话按钮仅在空白新会话页面可见，本工具会自动先新建会话再进入临时模式 Execute atlas_send_message 通过 Atlas Cloud OpenAI 兼容接口发送一轮文本对话，返回最终文本结果 Execute gemini_generate_image 调用后台的 Gemini 浏览器会话生成高质量图片。【重要：长耗时工具】 - 本工具为同步阻塞调用，内部会等待 Gemini 生成完毕后才返回最终结果（成功/失败+文件路径）。 Execute gemini_send_message 向 Gemini 发送文本消息并等待回答完成（不提取图片，纯文本交互）。【长耗时工具】同步阻塞等待 Gemini 回复完毕才返回。典型耗时 10~60 秒，必须等到最终结果再回 Execute gemini_set_thinking_depth 切换 Gemini 思考深度（standard 标准 / extended 扩展）。仅在支持的模型下生效

All 21 Gemini Skill tools →

Execute tools on other servers

Frida Game Hacking MCP remove_breakpoint Procmon request_elevation WireMCP capture_packets Pentest Ai run_probe

Go deeper

High-risk tools in Gemini Skill → Every high-risk tool this server exposes, in one view.
All high-risk MCP tools → Every high-risk tool across the catalogue, and the policy pattern that contains them.
The MCP Attack Database → Documented attack patterns against MCP deployments — and the policies that stop them.
Rate Limiting MCP Tool Calls: A Practical Guide →
MCP Security: Why Prompt Guardrails Aren't Enough →

FAQ

What does the gemini_navigate_to tool do? +

打开指定的 Gemini 页面 URL（如特定会话链接）。仅允许 gemini.google.com 域名，其他域名会被拒绝。适用于需要恢复到某个历史会话继续对话的场景. It is categorised as a Execute tool in the Gemini Skill MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

How do I enforce a policy on gemini_navigate_to? +

Register the Gemini Skill MCP server in PolicyLayer and add a rule for gemini_navigate_to: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Gemini Skill. Nothing to install.

What risk level is gemini_navigate_to? +

gemini_navigate_to is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit gemini_navigate_to? +

Yes. Add a rate_limit block to the gemini_navigate_to rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block gemini_navigate_to completely? +

Set action: deny in the PolicyLayer policy for gemini_navigate_to. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides gemini_navigate_to? +

gemini_navigate_to is provided by the Gemini Skill MCP server (wjz-p/gemini-skill). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every Gemini Skill tool call.

Deterministic rules across all 21 Gemini Skill tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN GEMINI SKILL →

Free to start. No card required.

21 Gemini Skill tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

gemini_navigate_to

// WHAT GEMINI_NAVIGATE_TO ON GEMINI SKILL DOES

// THE RISK

// HOW TO CONTROL GEMINI_NAVIGATE_TO

// EXPLORE