UI-TARS-desktop

Critical Vulnerability: The `NutJSOperator` (used for local computer control) directly uses `eval()` on an `expression` that can originate from LLM-generated content (`calculatorTool`). This allows for arbitrary code execution, posing a severe risk if the LLM is compromised or jailbroken. The inline comment `// 注意：生产环境中使用安全的数学计算器` (Note: use a safe calculator in production) acknowledges this risk but does not mitigate it in the provided code. High Risk GUI Automation: As a GUI agent, it has the capability to control the user's mouse, keyboard, and screen. If maliciously prompted, it could interact with critical applications, delete files, or exfiltrate sensitive data. Hardcoded Private Key: The `apps/ui-tars/src/main/remote/app_private.ts` (implied by name and usage patterns seen in `auth.ts`) suggests a hardcoded application private key (`appPrivateKeyBase64`). Distributing a private key in a client-side application (Electron app) is a major security flaw, as it can be extracted and misused for impersonation or unauthorized access to remote services. Supply Chain Risk (Remote Presets): The CLI can fetch preset configurations from remote URLs (`gui-agent/cli/src/cli/start.ts`). If a remote server is compromised, it could serve malicious configurations. Third-Party Trust: Relies on ByteDance's remote proxy services for some "free" and "subscription" remote computer/browser operators, introducing a dependency on external infrastructure's security and trustworthiness.