Hi, I looked through the repo and found a few security issues that seem important to fix.
I did not find obvious malicious behavior like persistence, hidden process launching, credential theft, registry autoruns, or injection. The app appears to do what it says: hotkey hook, screen capture, mic capture, overlay, and cloud traffic.
That said, I found some issues that seem serious:
Medium
I also checked the worker dependencies with `npm audit --omit=dev` and did not see production dependency vulnerabilities from that check. I could not fully check .NET package vulnerabilities because I did not have the .NET SDK available in the environment I used.
Suggested fixes:
- Require authentication or signed requests on the worker, or remove the public proxy pattern entirely
- Never return raw provider API keys to the client
- Remove or reduce sensitive logging in production
- Re-evaluate whether admin privileges are actually required
- Consider documenting the security model clearly in the README
I’m sharing this because I think these are worth fixing, not to pile on. If you want, I can also open a PR suggestion or help summarize safer alternatives.
Some logs appear to include sensitive runtime information such as: