ui-tars-desktop

Security Findings (39)

• HighExcessive Permission Surface ×13

  • get_config:tool declares exec permission
  • set_config_value:tool declares exec permission
  • read_file:tool declares network permission
  • read_file:tool declares exec permission
  • list_directory:tool declares exec permission
  • search_files:tool declares network permission
  • search_files:tool declares exec permission
  • search_code:tool declares network permission
  • search_code:tool declares exec permission
  • execute_command:tool declares exec permission
  • read_output:tool declares exec permission
  • force_terminate:tool declares exec permission
  • list_sessions:tool declares exec permission

  Rule: AS-002Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.
• HighScope Mismatch ×7

  • get_config:tool name "get_config" implies read-only operation but declares exec permission
  • read_file:tool name "read_file" implies read-only operation but declares exec permission
  • list_directory:tool name "list_directory" implies read-only operation but declares exec permission
  • search_files:tool name "search_files" implies read-only operation but declares exec permission
  • search_code:tool name "search_code" implies read-only operation but declares exec permission
  • read_output:tool name "read_output" implies read-only operation but declares exec permission
  • list_sessions:tool name "list_sessions" implies read-only operation but declares exec permission

  Rule: AS-003Fix: Ensure tool names, descriptions, and permission declarations are internally consistent. Use explicit naming conventions that fully reflect actual capabilities.
• MediumExcessive Permission Surface ×13

  • get_config:tool declares fs permission
  • set_config_value:tool declares fs permission
  • read_file:tool declares fs permission
  • read_multiple_files:tool declares fs permission
  • write_file:tool declares fs permission
  • create_directory:tool declares fs permission
  • list_directory:tool declares fs permission
  • move_file:tool declares fs permission
  • search_files:tool declares fs permission
  • search_code:tool declares fs permission
  • get_file_info:tool declares fs permission
  • edit_block:tool declares fs permission
  • execute_command:tool declares fs permission

  Rule: AS-002Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.
• LowDoS Resilience — Missing Rate Limit / Timeout ×6

  • get_config:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
  • set_config_value:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
  • read_file:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
  • list_directory:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
  • force_terminate:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
  • list_sessions:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

  Rule: AS-011Fix: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.