CVMA20-7
by zerovizboss
Overview
A mobile Android application that facilitates remote approval of prompts and decisions generated by Claude Code sessions via a local WebSocket bridge, enhancing the developer's AI coding workflow.
Installation
node claude_ws_bridge.js
Security Notes
CRITICAL VULNERABILITY: The `src/lwc/queryExecutorMVP/queryExecutorMVP.js` Salesforce Lightning Web Component allows users to input and execute arbitrary JavaScript code using `new Function()`. While there are regex-based sanitization attempts (e.g., blocking `eval`, `window`, `document`), these are highly insufficient and easily bypassable. This presents a severe remote code execution vulnerability, allowing potential data exfiltration, UI manipulation, or other breaches within the Salesforce Lightning environment. Additionally, a Firebase API key is hardcoded in `firebase-config.json`, which is a security anti-pattern.
Similar Servers
mcp-server-salesforce
Enable natural language interactions and automation with Salesforce data and metadata for AI models.
cloudrun-claude-code
A production-ready Cloud Run service that executes Claude Code tasks in isolated jobs, enabling AI-driven code analysis, development, and automation with secure credential handling and post-execution actions.
claude-code-buddy
An intelligent AI Agent orchestration system for Claude Code, focusing on smart task routing, prompt enhancement, project memory, workflow guidance, and planning, presented via a real-time terminal UI dashboard.
cldcde
A persistent context manager that scrapes, stores, searches, and analyzes AI conversations from various platforms (ChatGPT, Grok, Gemini, Claude) to support project development and insights.