AI Security Review
scanned 5h ago · by lpm-firewall-aiNo confirmed malicious install-time attack surface was found. Runtime exposes powerful AI-agent, shell, MCP, browser, and remote-device capabilities once the user starts the bridge, with token gating and product-aligned behavior.
Decision evidence
public snapshot- server.js starts a local bridge with token-protected shell, Codex, MCP, remote-device, and file APIs.
- remote-hub.js defaults RemoteHub host to 0.0.0.0, exposing a paired remote-agent TCP/WebSocket surface at runtime.
- server.js can launch bundled remote-fast binaries or npx -y @mindexec/remote@latest for managed remote-agent connections.
- codex-runtime.js creates an isolated Codex home under ~/.mindexec/codex-runtime and can spawn codex with user-selected sandbox/approval settings.
- server.js can read/store Supabase auth session under ~/.mindexec-ai/auth and use it for remote registry/realtime coordination.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs.
- scripts/setup-tree-sitter-grammars.mjs only ensures packaged tree-sitter WASM files are present under tree-sitter-grammars/.
- Bridge HTTP server listens on 127.0.0.1, and protected routes require X-Bridge-Token/Authorization token.
- No install-time writes to foreign AI-agent control surfaces such as .mcp.json, CLAUDE.md, Cursor, or global Codex config were found.
- No credential harvesting/exfiltration or destructive lifecycle behavior was found in inspected source.
- Network and shell capabilities are aligned with the declared MindExec local bridge/remote-agent product.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/MindCanvas-RA-lRV7k.jsView on unpkg · L965Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-DjshhyTD.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg