frontmcp

The CodeCall plugin allows execution of user-provided AgentScript (JavaScript) in a sandboxed VM (`enclave-vm`). While inherently risky, the project implements strong security measures: 1. Sandboxing: Scripts run in `enclave-vm`, preventing direct access to Node.js internals like `process` or `require`. 2. Malicious Pattern Detection: Explicitly blocks use of `eval`, `Function` constructor, and dynamic `import` statements within the VM. 3. Self-Reference Guard: Prevents `codecall` meta-tools (like `codecall:execute`) from calling themselves, mitigating recursive attacks. 4. Tool Access Control: Configurable blacklists/whitelists restrict which tools can be invoked from within AgentScript. 5. Output Sanitization: Limits output size and removes stack traces to prevent data leakage and excessive payload sizes. 6. Script Size Limits: Scripts are constrained by length to prevent resource exhaustion. These comprehensive controls significantly mitigate the risks associated with executing untrusted code, making it reasonably safe for its intended purpose.