This server gives agents control of Chrome via extension -- 20+ tools:
execute_javascript -- runs arbitrary JS on any pageclick_element -- clicks any elementfill_input -- fills form fields on any site
An agent with execute_javascript can exfiltrate cookies, modify page content, interact with authenticated sessions, or submit forms. Combined with click_element and fill_input, this is full browser automation with no restrictions.
Suggestion: Consider documenting support for PolicyLayer/Intercept, an open-source MCP proxy that enforces policies on tool calls before execution.
Example policy:
version: "1"
default: allow
tools:
execute_javascript:
rules:
- action: require_approval
fill_input:
rules:
- rate_limit: 10/minute
click_element:
rules:
- rate_limit: 30/minuteOne line to set up: npx -y @policylayer/intercept init
This server gives agents control of Chrome via extension -- 20+ tools:
execute_javascript-- runs arbitrary JS on any pageclick_element-- clicks any elementfill_input-- fills form fields on any siteAn agent with
execute_javascriptcan exfiltrate cookies, modify page content, interact with authenticated sessions, or submit forms. Combined withclick_elementandfill_input, this is full browser automation with no restrictions.Suggestion: Consider documenting support for PolicyLayer/Intercept, an open-source MCP proxy that enforces policies on tool calls before execution.
Example policy:
One line to set up:
npx -y @policylayer/intercept init