hm_editor

1. **Critical: Remote Code Execution (RCE) / Cross-Client Command Injection via MCP WebSocket**: The `mcp-server.js` `tools/call` endpoint allows an authenticated user to specify a `sessionId` in the arguments, which is then used to send arbitrary tool calls (method and arguments) to *any* connected WebSocket client associated with that `sessionId`. There is no validation to ensure the provided `sessionId` belongs to the calling client, posing a severe risk of remote arbitrary code execution on other users' active editor instances. For example, `insertDataAtCursor` or `setDocContent` could be exploited to inject malicious HTML/JavaScript. 2. **Potential RCE via PDF Generation**: The `/getPdfPath` endpoint in `src/print.js` takes `req.body.html` directly as input for `wkhtmltopdf`. If the HTML content is untrusted and contains known vulnerabilities for web rendering engines, this could lead to Remote Code Execution on the server where `wkhtmltopdf` is executed. 3. **Hardcoded Credentials**: `DEEPSEEK_API_KEY` is expected as an environment variable, but its management outside of `.env` files (e.g., if committed to a repository) could expose sensitive credentials. 4. **File System Operations**: Direct file system operations (read/write/delete) are performed for mock data and PDF generation. While `path.join` is used to mitigate some directory traversal risks, the overall attack surface through these operations requires careful input sanitization to prevent unintended file manipulation.