Reads entire image into memory via arrayBuffer() with no size limit. 500MB image = OOM kill.
11. Tool JSON parsing has no error handling
File: src/commands/text/chat.ts:136-145
Tries JSON.parse, falls back to readFileSync. Missing file or invalid JSON = uncaught exception.
12. Disk full during file write
Files: src/output/audio.ts, src/files/download.ts
Neither writeFileSync nor createWriteStream handles ENOSPC. Partial corrupt files left behind.
Medium — Correctness Bugs
13. File ID heuristic is wrong
File: src/commands/vision/describe.ts:76-77
Uses "no dot and not http" to detect file IDs. UUIDs, filenames with dashes, dotless filenames all misclassified.
14. Voice language filter is too greedy
File: src/commands/speech/voices.ts:18
Case-insensitive substring match means --language ch matches Chinese, Czech, and Icelandic. No "no results found" feedback.
15. Region detection falls back silently
File: src/config/detect-region.ts:10-21
Probes quota endpoint. If a CN-only key fails the global probe, defaults to 'global' — user gets cryptic errors on every subsequent command.
16. File overwrite without warning
File: src/commands/image/generate.ts:152-163
Silently overwrites existing files. Batch failures leave partial state with no rollback.
17. --output json ignored in quiet mode
File: src/commands/image/generate.ts:165-167
Dumps raw file paths even when user requested JSON output.
Medium — Missing Validation
18. No flag value validation anywhere
Flag parsing accepts anything: --timeout abc becomes NaN, --region invalid passes through, --max-tokens 999999999 is unchecked. Crashes happen downstream, not at the boundary.
19. No request timeout on token refresh
File: src/auth/refresh.ts
HTTP call with no timeout. Unresponsive server = CLI hangs forever.
20. No request timeout on polling
File: src/polling/poll.ts
requestJson() calls during task status checks have no per-request timeout.
21. No size validation before base64 encoding
File: src/commands/image/generate.ts:122-125
Reads reference image with readFileSync and base64-encodes without file size check.
22. SSE stream never validates content-type
File: src/client/stream.ts
Assumes response body is text SSE. HTML error pages are parsed as SSE, producing garbage output.
From codex:
Critical — Security Vulnerabilities
1. Shell injection via OAuth URL
File: src/auth/oauth.ts:53
Uses exec(). A crafted URL can execute arbitrary shell commands.
Use execFile() or child_process.spawn() instead.
2. Plaintext credential storage
File: src/auth/credentials.ts
Stored in plaintext under ~/.mmx/. A cat command = full account takeover.
Alternatives: keytar, or security on macOS.
3. Insecure file permissions are warnings, not errors
File: src/auth/credentials.ts:39-50
Detects 0o644 on credential files, logs a warning, and continues.
High — Silent Failures & Data Corruption
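The fix for finding 1, shown as an added example (not mmx's own code): the URL is validated against an assumed allow-list (ALLOWED_HOSTS is a placeholder) and handed to the opener as one argv entry via execFile(), so no shell ever parses it. The launcher is injectable so the logic can be exercised without spawning a browser.

```typescript
// Added example (not mmx code): launch the OAuth URL without a shell. exec()
// splices the URL into a command string that /bin/sh parses; execFile()/spawn()
// pass it as a single argv entry that no shell ever interprets.
import { execFile } from "node:child_process";
import { platform } from "node:os";

export type Launcher = (file: string, args: string[]) => void;

// Only launch URLs that point at the expected authorization server.
// ALLOWED_HOSTS is an assumed placeholder; a real CLI pins its own provider.
const ALLOWED_HOSTS = new Set(["auth.example.com"]);

export function validateAuthUrl(raw: string): URL {
  let url: URL;
  try { url = new URL(raw); } catch { throw new Error("OAuth URL is not a valid URL"); }
  if (url.protocol !== "https:") throw new Error("OAuth URL must use https");
  if (!ALLOWED_HOSTS.has(url.hostname)) throw new Error(`unexpected OAuth host ${url.hostname}`);
  return url;
}

// Per-platform opener as a program name; Windows is omitted in this example.
export function openerFor(os: string): string {
  return os === "darwin" ? "open" : "xdg-open";
}

// The launcher is injectable so the logic can be exercised without spawning.
export function openInBrowser(raw: string, launch: Launcher = realLaunch, os = platform()): string[] {
  const url = validateAuthUrl(raw).toString();
  const argv = [url];                       // whole URL = one argument, metacharacters inert
  launch(openerFor(os), argv);
  return [openerFor(os), ...argv];
}

function realLaunch(file: string, args: string[]): void {
  execFile(file, args, (err) => {
    if (err) console.error("could not open browser:", err.message);
  });
}

// Returns the rejection reason for a bad URL, or null when it is accepted.
export function rejectionReason(raw: string): string | null {
  try { validateAuthUrl(raw); return null; } catch (e) { return (e as Error).message; }
}
```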
4. Streaming errors silently swallowed
File: src/commands/text/chat.ts:194
5. Concurrent token refresh corrupts credentials
Files: src/auth/credentials.ts, src/auth/refresh.ts
Two mmx invocations both read the same refresh token, both call the token endpoint, one invalidates the other's.
6. Network truncation goes undetected
File: src/files/download.ts:17
Defaults contentLength to 0 when header is missing. Never compares received bytes vs expected. User gets a truncated file and thinks it succeeded.
7. Polling discards API failure context
File: src/polling/poll.ts:35-40
Throws 'Task failed.' with zero detail from the API response. Users cannot diagnose why video/music generation failed.
8. Corrupted credentials return null silently
File: src/auth/credentials.ts:15-21
Returns null with a stderr warning. Non-interactive callers get silent auth failure.
High — Crash Bugs (Unhandled Exceptions)
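One way to close the race in finding 5, as an added example (not mmx's own code): an in-process single-flight wrapper so overlapping callers share one refresh, plus a cross-process lock file created with the exclusive 'wx' flag so a second mmx process cannot start its own refresh while one is in progress. The lock path and the fake token endpoint are constructed for the demo.

```typescript
// Added example (not mmx code): serialize token refresh so that overlapping
// callers share one refresh instead of racing on the same refresh token.
import { openSync, closeSync, unlinkSync, mkdtempSync } from "node:fs";
import { join } from "node:path";
import { tmpdir } from "node:os";

// Cross-process guard: an exclusive create ('wx') of a lock file fails with
// EEXIST while another mmx process holds it. Returns true when acquired.
export function tryAcquireLock(lockPath: string): boolean {
  try {
    closeSync(openSync(lockPath, "wx"));
    return true;
  } catch (err) {
    if ((err as { code?: string }).code === "EEXIST") return false;
    throw err;
  }
}
export function releaseLock(lockPath: string): void { unlinkSync(lockPath); }

// In-process guard: callers that overlap get the same pending promise, so the
// token endpoint is hit once per refresh, not once per caller.
export function makeSingleFlight<T>(work: () => Promise<T>): () => Promise<T> {
  let pending: Promise<T> | null = null;
  return () => {
    if (pending === null) pending = work().finally(() => { pending = null; });
    return pending;
  };
}

// Constructed fake token endpoint: counts calls when two commands refresh at once.
export function demoOverlappingRefresh(): { calls: number; samePromise: boolean } {
  let calls = 0;
  const refresh = makeSingleFlight(async () => {
    calls++;                                   // stand-in for the HTTP call
    await new Promise((r) => setTimeout(r, 10));
    return `token-${calls}`;
  });
  const a = refresh();
  const b = refresh();                         // overlaps a and reuses its promise
  return { calls, samePromise: a === b };
}

// Sequence acquire / acquire-again / release / acquire in a temp directory.
export function demoFileLock(): boolean[] {
  const lock = join(mkdtempSync(join(tmpdir(), "mmx-lock-")), "refresh.lock");
  const first = tryAcquireLock(lock);
  const second = tryAcquireLock(lock);         // still held: false
  releaseLock(lock);
  return [first, second, tryAcquireLock(lock)];
}
```

A stale lock left by a crashed process still needs a timeout or PID check before it is reclaimed; that is omitted here.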
9. Non-null assertion on API audio data
File: src/output/audio.ts:23
response.data.audio! — null/undefined audio = runtime crash. Odd-length hex string = Buffer.from throws.
10. Base64 memory bomb
File: src/commands/vision/describe.ts:29-35
Reads entire image into memory via arrayBuffer() with no size limit. 500MB image = OOM kill.
11. Tool JSON parsing has no error handling
File: src/commands/text/chat.ts:136-145
Tries JSON.parse, falls back to readFileSync. Missing file or invalid JSON = uncaught exception.
12. Disk full during file write
Files: src/output/audio.ts, src/files/download.ts
Neither writeFileSync nor createWriteStream handles ENOSPC. Partial corrupt files left behind.
Medium — Correctness Bugs
13. File ID heuristic is wrong
File: src/commands/vision/describe.ts:76-77
Uses "no dot and not http" to detect file IDs. UUIDs, filenames with dashes, dotless filenames all misclassified.
14. Voice language filter is too greedy
File: src/commands/speech/voices.ts:18
Case-insensitive substring match means --language ch matches Chinese, Czech, and Icelandic. No "no results found" feedback.
15. Region detection falls back silently
File: src/config/detect-region.ts:10-21
Probes quota endpoint. If a CN-only key fails the global probe, defaults to 'global' — user gets cryptic errors on every subsequent command.
16. File overwrite without warning
File: src/commands/image/generate.ts:152-163
Silently overwrites existing files. Batch failures leave partial state with no rollback.
17. --output json ignored in quiet mode
File: src/commands/image/generate.ts:165-167
Dumps raw file paths even when user requested JSON output.
Medium — Missing Validation
18. No flag value validation anywhere
Flag parsing accepts anything: --timeout abc becomes NaN, --region invalid passes through, --max-tokens 999999999 is unchecked. Crashes happen downstream, not at the boundary.
19. No request timeout on token refresh
File: src/auth/refresh.ts
HTTP call with no timeout. Unresponsive server = CLI hangs forever.
20. No request timeout on polling
File: src/polling/poll.ts
requestJson() calls during task status checks have no per-request timeout.
21. No size validation before base64 encoding
File: src/commands/image/generate.ts:122-125
Reads reference image with readFileSync and base64-encodes without file size check.
22. SSE stream never validates content-type
File: src/client/stream.ts
Assumes response body is text SSE. HTML error pages are parsed as SSE, producing garbage output.
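Validating at the boundary, as finding 18 asks, shown as an added example (not mmx's own flag parser): the three flags named in the finding are checked when parsed, so --timeout abc, --region invalid and --max-tokens 999999999 are rejected with a message instead of becoming NaN or reaching the API. The region list, the defaults and the bounds are assumptions for the demo.

```typescript
// Added example (not mmx code): reject bad flag values at parse time.
// The flag names come from the finding; REGIONS, DEFAULTS and the bounds are assumed.
export const REGIONS = ["global", "cn"] as const;
export type Region = (typeof REGIONS)[number];
export interface Flags { timeout: number; region: Region; maxTokens: number }

const DEFAULTS: Flags = { timeout: 30_000, region: "global", maxTokens: 4096 };
const MAX_TOKENS_LIMIT = 128_000;   // assumed ceiling for the demo
const MAX_TIMEOUT_MS = 600_000;     // assumed ceiling for the demo

export class FlagError extends Error {}

// Accepts only non-negative decimal integers within [min, max].
function intInRange(flag: string, raw: string, min: number, max: number): number {
  if (!/^\d+$/.test(raw)) throw new FlagError(`${flag}: expected an integer, got "${raw}"`);
  const n = Number(raw);
  if (n < min || n > max) throw new FlagError(`${flag}: ${n} is outside ${min}..${max}`);
  return n;
}

export function parseFlags(argv: string[]): Flags {
  const out: Flags = { ...DEFAULTS };
  for (let i = 0; i < argv.length; i++) {
    const flag = argv[i];
    if (!flag.startsWith("--")) continue;
    const value = argv[i + 1];
    if (value === undefined || value.startsWith("--")) throw new FlagError(`${flag}: missing value`);
    i++;
    switch (flag) {
      case "--timeout": out.timeout = intInRange(flag, value, 1, MAX_TIMEOUT_MS); break;
      case "--max-tokens": out.maxTokens = intInRange(flag, value, 1, MAX_TOKENS_LIMIT); break;
      case "--region":
        if (!(REGIONS as readonly string[]).includes(value)) throw new FlagError(`${flag}: unknown region "${value}"`);
        out.region = value as Region;
        break;
      default: throw new FlagError(`unknown flag ${flag}`);
    }
  }
  return out;
}

// Same parse, but returns the error message instead of throwing.
export function tryParse(argv: string[]): Flags | string {
  try { return parseFlags(argv); } catch (e) { return e instanceof FlagError ? e.message : String(e); }
}
```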
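For finding 22, an added example (not mmx's own stream client) that checks the HTTP status and content-type before handing the body to an SSE parser, so an HTML error page surfaces as an error rather than as garbage events. SseResponse is the subset of fetch's Response the check needs; the sample stream and HTML body are constructed for the demo.

```typescript
// Added example (not mmx code): gate SSE parsing on the response content-type so
// that an HTML error page is reported as an error instead of parsed as events.
export interface SseResponse {
  status: number;
  headers: { get(name: string): string | null };
  text(): Promise<string>;
}
export interface SseEvent { event: string; data: string }

export function assertEventStream(contentType: string | null, status: number): void {
  if (status >= 400) throw new Error(`upstream returned HTTP ${status}`);
  const mime = (contentType ?? "").split(";")[0].trim().toLowerCase();
  if (mime !== "text/event-stream") {
    throw new Error(`expected text/event-stream, got "${mime || "none"}"`);
  }
}

// Minimal SSE parser: events end at a blank line, the "data:" lines of one
// event are joined with "\n", and lines starting with ":" are comments.
export function parseSse(body: string): SseEvent[] {
  const events: SseEvent[] = [];
  for (const block of body.split(/\r?\n\r?\n/)) {
    let event = "message";
    const data: string[] = [];
    for (const line of block.split(/\r?\n/)) {
      if (line === "" || line.startsWith(":")) continue;
      const idx = line.indexOf(":");
      const field = idx === -1 ? line : line.slice(0, idx);
      const value = idx === -1 ? "" : line.slice(idx + 1).replace(/^ /, "");
      if (field === "event") event = value;
      else if (field === "data") data.push(value);
    }
    if (data.length > 0) events.push({ event, data: data.join("\n") });
  }
  return events;
}

export async function readEvents(res: SseResponse): Promise<SseEvent[]> {
  assertEventStream(res.headers.get("content-type"), res.status);
  return parseSse(await res.text());
}

// Constructed responses (no network): a genuine stream and an HTML error page.
export function fakeResponse(status: number, contentType: string, body: string): SseResponse {
  return { status, headers: { get: (n) => (n.toLowerCase() === "content-type" ? contentType : null) }, text: async () => body };
}
export const SAMPLE_STREAM = "event: delta\ndata: Hel\ndata: lo\n\n: keep-alive\n\ndata: done\n\n";
export const SAMPLE_HTML = "<html><body>502 Bad Gateway</body></html>";
```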