web-eval-agent

by withRefresh

Overview

Autonomously evaluates web applications for UX/UI issues using a browser-driving AI agent, providing detailed reports and live browser view from within an IDE.

Installation

Run Command
uvx webEvalAgent

Environment Variables

  • OPERATIVE_API_KEY
  • USE_LOCAL_BACKEND
  • ANTHROPIC_API_KEY
  • ANONYMIZED_TELEMETRY

Security Notes

Multiple critical security vulnerabilities exist:

  1. Cross-Origin Resource Sharing (CORS) is explicitly set to `*` for the Flask-SocketIO server (`cors_allowed_origins='*'`), allowing any website to connect to the local server running on `127.0.0.1:5009`. A malicious website visited by the agent can therefore send arbitrary `agent_control` or `browser_input` events, potentially taking full control of the agent's actions (clicks, keypresses, pause/stop).
  2. The browser is launched with `BrowserConfig(disable_security=True)` when using the `browser-use` library (`browser_utils.py`), and `launch_persistent_context` is called with the `--no-sandbox` argument (`tool_handlers.py`). Disabling browser security and running without a sandbox exposes the host system to significant risks if the agent navigates to a malicious or compromised web application.
  3. A hardcoded, weak `SECRET_KEY` ('secret!') is used for Flask sessions in `log_server.py`, making session-based attacks trivial.
  4. `stdout` and `stderr` are suppressed in `log_server.py`, which hinders auditing and makes it harder to detect anomalous behavior.

Stats

Interest Score: 100
Security Score: 2
Cost Class: High
Avg Tokens: 20000
Stars: 1224
Forks: 102
Last Update: 2025-12-06

Tags

Web Evaluation, AI Agent, Browser Automation, Debugging, UX/UI Testing