Hi ByteDance/UI-TARS team,
I recently ran a security audit on UI-TARS-desktop as part of research on MCP/agent security posture across the ecosystem.
Found a couple of items worth flagging:
1. Tool description injection risk
Tool descriptions in the desktop agent environment aren't validated against adversarial patterns. Since UI-TARS gives an LLM direct control over desktop UI interactions, a poisoned tool description could redirect the agent into performing unintended desktop actions, exfiltrating screen content, or bypassing user confirmations.
2. Missing output sanitization
Screen content, UI element descriptions, and tool outputs returned to the model context aren't scanned for embedded injection patterns. A malicious webpage or application window could embed instructions in visible UI text that the agent acts on — a high-impact attack surface for a desktop automation agent.
Both are in a full audit report — 8-page PDF with CVSS ratings, EU AI Act mapping, and remediation steps — for $29 at luciferforge.github.io/mcp-security-audit/
Demo: https://luciferforge.github.io/mcp-audit-reports/
— Lucifer / LuciferForge Security
Hi ByteDance/UI-TARS team,
I recently ran a security audit on UI-TARS-desktop as part of research on MCP/agent security posture across the ecosystem.
Found a couple of items worth flagging:
1. Tool description injection risk
Tool descriptions in the desktop agent environment aren't validated against adversarial patterns. Since UI-TARS gives an LLM direct control over desktop UI interactions, a poisoned tool description could redirect the agent into performing unintended desktop actions, exfiltrating screen content, or bypassing user confirmations.
2. Missing output sanitization
Screen content, UI element descriptions, and tool outputs returned to the model context aren't scanned for embedded injection patterns. A malicious webpage or application window could embed instructions in visible UI text that the agent acts on — a high-impact attack surface for a desktop automation agent.
Both are in a full audit report — 8-page PDF with CVSS ratings, EU AI Act mapping, and remediation steps — for $29 at luciferforge.github.io/mcp-security-audit/
Demo: https://luciferforge.github.io/mcp-audit-reports/
— Lucifer / LuciferForge Security