innerVoice

The server operates locally by default, binding to `localhost:3456`, which limits external network exposure. It correctly utilizes environment variables (`TELEGRAM_BOT_TOKEN`) for sensitive API keys, preventing hardcoding. The `spawnClaude` function executes shell commands (`claude`), but uses an array of arguments, mitigating direct command injection from user input. Project-specific `.env` files are loaded for spawned processes, which could be a risk if a malicious `.env` is registered by the user. The `PermissionRequest.sh` hook makes a local `curl` call, which is safe in its current form. Overall, the architecture is reasonably secure for its intended single-user, local-machine deployment, with primary risks related to user-supplied project paths or intentional misuse by the owner.