A security analysis of open-source web UIs for Claude Code. Finding unauthenticated RCE, path traversal, and client-side auth bypasses in community projects.