Security Scan Results

# Security Audit Report: TermSwarm

**Application:** TermSwarm v1.1.0 — Electron desktop app that unifies terminal sessions, Claude Code AI conversations, and web preview into one workspace.
**Author:** Jonatan Vazquez (new GitHub account)
**Date:** 2026-02-25

---

## Executive Summary

TermSwarm has **significant security vulnerabilities** across all layers: the Electron main process, renderer, preload bridge, CI/CD pipeline, and build configuration. The most dangerous issue is that every Claude Code session runs with `--dangerously-skip-permissions`, combined with a disabled Chromium sandbox and unsecured webview tags — creating a chain from untrusted web content to arbitrary code execution with zero user approval.

**Total findings: 32 unique vulnerabilities**

| Severity | Count |
|----------|-------|
| Critical | 4     |
| High     | 9     |
| Medium   | 13    |
| Low      | 6     |


[SECURITY_AUDIT.md](https://github.com/user-attachments/files/25549081/SECURITY_AUDIT.md)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Scan Results #1

Security Audit Report: TermSwarm

Executive Summary

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Security Scan Results #1

Description

Security Audit Report: TermSwarm

Executive Summary

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions