AI Security Review
scanned 3h ago · by lpm-firewall-aiA hostile website may be able to call the unauthenticated loopback API because CORS reflects arbitrary origins with credentials and private-network access enabled. The API includes a user-command terminal creation route.
Decision evidence
public snapshot- `src/index.ts` reflects any CORS origin with credentials enabled.
- `src/index.ts` sets `Access-Control-Allow-Private-Network: true`.
- `src/tunnel-auth.ts` bypasses API authentication for loopback requests.
- `src/routes/terminals.ts` exposes terminal creation; `src/routes/terminals/service.ts` passes requested command/args to the runtime terminal manager.
- `package.json` has no preinstall/install/postinstall lifecycle hooks.
- No eval, Function, native payload, or install-time execution was found.
- Agent config writes are explicit `/v1/config/agents` API actions and target Otto-owned `.otto` configuration paths.
Source & flagged code
4 flagged · loading source`src/index.ts` reflects any CORS origin with credentials enabled.
src/index.tsView on unpkg`src/index.ts` sets `Access-Control-Allow-Private-Network: true`.
src/index.tsView on unpkg`src/tunnel-auth.ts` bypasses API authentication for loopback requests.
src/tunnel-auth.tsView on unpkg`src/routes/terminals.ts` exposes terminal creation; `src/routes/terminals/service.ts` passes requested command/args to the runtime terminal manager.
src/routes/terminals.tsView on unpkg