ida-headless-mcp

The server, by default, appears to lack strong authentication for its HTTP API (port 17300). While `scripts/inspector.sh` uses `DANGEROUSLY_OMIT_AUTH=true` for testing, this indicates a potential security gap if the server is exposed publicly without proper firewalling or additional authentication layers. The `ida_wrapper.py` allows importing external scripts (`script.json`, `il2cpp.h`, `addNames.py`) via the `import_il2cpp` and `import_flutter` tools. Although `addNames.py` is parsed by regex rather than directly `eval`-ed, processing arbitrary external scripts in the IDA context still poses a risk of unexpected or malicious IDA API calls if input sources are untrusted. Certain search functions, while having pagination limits, could potentially be optimized further to prevent excessive resource consumption in extreme cases, though current limits (1000/10000) offer some protection.