High-risk tools in Zahori
3 of the 6 tools in Zahori are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
zahori_probeExecuteOpen a page and gather everything needed to author a profile: media requests seen, iframes, play/consent elements, and whether the generic flow already works. Use this before pr...
-
zahori_test_profileExecuteRun a candidate profile against a URL and grade the result with the oracle. ok=true only when a stream was captured AND the oracle confirms it is real media. Iterate on the prof...
-
zahori_validateExecuteRun the oracle on a resolved stream (url + headers) to check it is real media (decodes, has real audio, plausible length).
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.