VibeTunnel - access terminal from the browser to command agents
5 points by amorfati
5 points by amorfati
Surely combining the complexity of a browser with access to a local shell won’t result in new and horrifying security issues.
I wonder how long until someone gets pwned because they had this set up insecurely or got tricked into installing a sketchy extension or something.
You have to go out of your way to run it without password protection. I’m however curious what exactly your concern is here in particular with the way we handle security.
In general, my issue is that by allowing terminal access via a web browser, you’ve exposed the user’s local shell to all the attack surface of a browser.
More specifically I am concerned about someone downloading a sketchy extension (e.g. “free AI coding tool!”) and that extension secretly checking for VibeTunnel windows. And then doing nefarious things in the background.