TARILIO
by electronart
Overview
Desktop information retrieval with an integrated AI assistant, local LLM server, and Hugging Face LLM download capabilities, functioning as an MCP Client.
Installation
dotnet run --project eSearchSecurity Notes
The `setInnerHTML` function in `browser_init.js` is used to inject `customRenderHtml`, `CSS`, and `JS` provided by `window.ExtrasProvider`. If the content supplied by `ExtrasProvider` is derived from untrusted sources (e.g., user-provided documents, remote servers, or maliciously crafted local files), this presents a significant Cross-Site Scripting (XSS) vulnerability. The `tiff.min.js` file is a minified Emscripten output, making its underlying C/C++ code difficult to audit for security without original source. While `link_handler.js` properly opens external links in a separate browser, the overall dynamic content injection mechanism without explicit sanitization makes it risky.
Similar Servers
5ire
A desktop AI assistant client that integrates with various LLM providers and connects to Model Context Protocol (MCP) servers for extended tool-use and knowledge base capabilities.
seline
A backend API server for managing and executing ComfyUI workflows, capable of dynamically generating API endpoints for workflows, building Docker containers for custom nodes and models, and providing an execution queue. It integrates with the Model Context Protocol (MCP) to expose its capabilities to client applications.
blz
Provides fast, local documentation search and retrieval for AI agents, using llms.txt files for line-accurate citations.
UI-TARS-desktop
A GUI Agent application allowing users to control their computer and perform tasks using natural language, leveraging Vision-Language Models (VLMs) and Multi-Channel Processing (MCP) for interaction.