Is Ui Tars Desktop safe to use?

Ui Tars Desktop is rated NOT_RECOMMENDED by SpiderRating. Ui Tars Desktop is not recommended — low score (5.33/10) with 11 critical issues.

What are the security risks of Ui Tars Desktop?

Key risk flags: ts_unsafe_eval (critical), child_process_injection (critical). Overall security score: 6.0/10 with 11 critical issues.

Are there safer alternatives to Ui Tars Desktop?

Similar tools include: ndthanhdev/mcp-browser-kit, b0tresch/b0tresch-stealth-browser, adspower/adspower-browser. View full comparison at spiderrating.com.

Ui Tars Desktop

bytedance/UI-TARS-desktopApache-2.0⭐ 28,794🔧 74 tools

F5.3SpiderScore (registry)

The Open-Source Multimodal AI Agent Stack: Connecting Cutting-Edge AI Models and Agent Infra

Use cases:browser-automation image-gen

⚠ Hard constraint applied: multiple critical issues forces F

Decision

Not Recommended

Confidence

90%

Ui Tars Desktop is not recommended — low score (5.33/10) with 11 critical issues.

Recommended Actions

high
Run In Container
11 critical vulnerabilities require isolation
high
Limit Permissions
Restrict tool access to minimum required scope

Do Not

✗running in production without container isolation
✗exposing this tool to untrusted input

Risk Flags (2)

critical
ts_unsafe_eval×7
Dynamic code execution via new Function() â€” user input may run arbitrary code
critical
child_process_injection×4
Command injection â€” child_process.exec() with template literal interpolation

How This Was Decided

positivew=0.5Overall quality score = 5.33/10 (grade F)
negativew=0.811 critical security issue(s) detected
negativew=0.3Tool description clarity score = 1.8/10

Source: SpiderRating automated security scanUpdated: 2026-03-13Protocol: v1.1

Description Quality

Composite: 1.8 / 10

3-Layer Breakdown

Description (38%)

1.8

Security (34%)

6.0

Metadata (28%)

9.3

Description Dimensions

Intent Clarity

2.5

Permission Scope

0.3

Side Effects

2.1

Capability Disclosure

2.5

Operational Boundaries

1.9

Security Analysis

6.0

Score

Critical

High

Medium

Low

Findings Redacted

Detailed security findings are hidden during the 90-day responsible disclosure window. Maintainers have been notified.

11 CRITICAL

Metadata Health

Provenance (40%)

10.0

Maintenance (35%)

8.0

Popularity (25%)

10.0

Badge

Add this badge to your README:

[![SpiderRating](https://spiderrating.com/badge/bytedance__UI-TARS-desktop.svg)](https://spiderrating.com/servers/bytedance/UI-TARS-desktop)

🛡️

Protect Your Agents

Get a free API key. Every MCP tool call checked against 15,923 rated servers in real-time.

Get Free API Key →

📊

Monitor All Your Servers

Dashboard for your entire MCP portfolio. Score tracking, alerts, and compliance reports.

Start Free Trial →

⭐

Scan Locally (Open Source)

Run SpiderShield on your own machine. 46+ security rules, zero data leaves your system.

Star on GitHub →

7.0C

B0Tresch Stealth Browserb0tresch/b0tresch-stealth-browser

6.9C

Autoclaw Browseraddogiavara-tech/autoclaw-browser

6.5C

Browser Use RsBB-fat/browser-use-rs

6.4D