GHSA-9752-mhqh-h34f: npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation
The published npm package praisonai ships a TypeScript AgentOS HTTP server that defaults to host: "0.0.0.0" and registers sensitive agent routes without any authentication or authorization middleware.
When a developer starts AgentOS, a network attacker who can reach the service can:
- read configured agent names, roles, and the first 100 characters of each agent’s instructions through GET /api/agents; and
- invoke the selected agent through POST /api/chat without credentials.
This is distinct from the existing Python/PyPI AgentOS and API-server advisories. The affected package here is npm:praisonai; the current published npm package is 1.7.1, and the same TypeScript source is still present in refreshed origin/main at v4.6.58.
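The two defaults described above (wildcard bind, no authentication on the /api routes) and a hardened counterpart, as an added example in plain Node.js. It is not PraisonAI source code; resolveHost, isAuthorized, route, createServer and the sample token are hypothetical names and values chosen for illustration.

```javascript
// Added example: generic Node.js, not PraisonAI code. All names are hypothetical.
const http = require("node:http");
const crypto = require("node:crypto");

// Weak default would be "0.0.0.0"; here loopback is used unless the operator opts in.
function resolveHost(opts = {}) {
  return opts.host || "127.0.0.1";
}

// Compare the presented bearer token with the configured one in constant time.
// Hashing first gives both buffers the same length, as timingSafeEqual requires.
function isAuthorized(headers, expectedToken) {
  const m = /^Bearer (.+)$/.exec(headers.authorization || "");
  if (!m || !expectedToken) return false;
  const a = crypto.createHash("sha256").update(m[1]).digest();
  const b = crypto.createHash("sha256").update(expectedToken).digest();
  return crypto.timingSafeEqual(a, b);
}

// Routing decision kept pure so it can be checked without opening a socket.
function route(method, path, headers, cfg) {
  if (!path.startsWith("/api/")) return { status: 404 };
  // Fail closed: every /api/ route is gated before any handler is selected.
  if (!isAuthorized(headers, cfg.token)) return { status: 401 };
  if (method === "GET" && path === "/api/agents") return { status: 200, body: cfg.listAgents() };
  // Agent invocation would happen here, only after the check above has passed.
  if (method === "POST" && path === "/api/chat") return { status: 200, body: { accepted: true } };
  return { status: 404 };
}

function createServer(cfg) {
  if (!cfg.token) throw new Error("refusing to start without an API token");
  return http.createServer((req, res) => {
    const r = route(req.method, req.url.split("?")[0], req.headers, cfg);
    res.writeHead(r.status, { "content-type": "application/json" });
    res.end(JSON.stringify(r.body ?? { error: r.status }));
  });
}

// Constructed sample configuration; the listing omits instruction text entirely.
const sampleCfg = {
  token: "constructed-sample-token",
  listAgents: () => [{ name: "demo", role: "assistant" }],
};
// To run locally: createServer(sampleCfg).listen(8000, resolveHost());
```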