It seems to just be a leak of their sandboxed headless browser setup and the API code for controlling it. Obviously such a thing will run arbitrary JS from the web so inevitably there will be something like a browser sandbox exploit, and subsequent dump of its filesystem.
The leak doesn't seem to contain what Rabbit calls the LAM, their purported AI model for interacting with UIs. And what the leakers are claiming is that Rabbit's automation is just handwritten scripts which seems to be completely unsubstantiated. The rabbit secret sauce could still turn out to be a scam but I didn't see anything to corroborate any of the leakers' claims. Grepping the files I found no reference to doordash, uber eats or midjourney, only a path reference to what appears to be a spotify integration library, but the source for that isn't there.
The leak doesn't seem to contain what Rabbit calls the LAM, their purported AI model for interacting with UIs. And what the leakers are claiming is that Rabbit's automation is just handwritten scripts which seems to be completely unsubstantiated. The rabbit secret sauce could still turn out to be a scam but I didn't see anything to corroborate any of the leakers' claims. Grepping the files I found no reference to doordash, uber eats or midjourney, only a path reference to what appears to be a spotify integration library, but the source for that isn't there.