cloud-local-bridge
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The `bridge_server.py` script implements a `/execute` endpoint that receives commands from remote requests and executes them using `subprocess.run(command, shell=True)`. This provides a full remote shell to any authenticated user without any command filtering or restriction.
- [DATA_EXFILTRATION]: The `/file` endpoint in `bridge_server.py` allows remote clients to read or write files at arbitrary paths (e.g., the `handle_file` method uses `open(file_path, 'rb/wb')` directly from request data). There is no path sanitization, allowing for arbitrary file read/write across the entire host file system.
- [CREDENTIALS_UNSAFE]: The pairing logic in `qq_handler.py` and `pairing_core.py` facilitates the exchange of the `local_token` (authentication secret) between devices. This token is stored in the pairing state and transmitted to the partner device upon confirmation of a 6-digit pairing code, exposing the secret if the communication channel or pairing code is compromised.
- [REMOTE_CODE_EXECUTION]: The `sync_files.py` script uses the `pickle` module to load a local cache file (`.sync_cache.pkl`). Loading untrusted or tampered pickle files can lead to arbitrary code execution.
- [EXTERNAL_DOWNLOADS]: The `scripts/installer/install_and_run.py` script automatically installs Python dependencies `requests` and `psutil` via `pip` during the installation process.
Recommendations
- AI detected serious security threats
Audit Metadata