Security: rajagopalj/darpana

SECURITY.md

Security

Threat model

Darpana is intended for use on a trusted home LAN. The host listens on 0.0.0.0:7880 and accepts WebSocket commands whose only access control is network reachability. These commands synthesize keyboard input and mouse clicks on the host PC. Anyone on the same LAN can connect and drive Apple Music or, via the text and key messages, type arbitrary input wherever the host has keyboard focus.

Do not run the host on a network that includes untrusted devices. There is no authentication, and encryption uses a self-signed certificate, which only prevents passive eavesdropping, not an active man-in-the-middle (MITM) attack.

Reporting a vulnerability

Email the maintainer at rajagopal.jagannathan@gmail.com with details. Please do not file a public GitHub issue for security-relevant reports until they're acknowledged and fixed.

There aren't any published security advisories