AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious install-time behavior was found, but the runtime is a local AI bridge with dangerous user-invoked capabilities. Shell, file mutation, Codex execution, remote agent, browser, and network fetch/search APIs are exposed behind local bridge token controls.
Decision evidence
public snapshot- server.js exposes token-protected file write/delete and shell execution APIs under /api/file/* and /api/shell/*.
- server.js starts RemoteHub and managed RemoteAgent capability; remote-hub.js defaults host to 0.0.0.0.
- codex-runtime.js can create an isolated Codex home and spawn codex for user-requested agent runs.
- Package ships native remote-fast binaries and can launch them for remote agent connections.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs.
- scripts/setup-tree-sitter-grammars.mjs only ensures tree-sitter WASM grammar files exist in package tree.
- server.js listens LocalBridge HTTP on 127.0.0.1 and protects dangerous routes with X-Bridge-Token by default.
- No install-time credential harvesting, exfiltration, destructive behavior, or foreign AI-agent config mutation found.
- External network use is product-aligned: search, model catalogs, embeddings, Supabase auth, RemoteHub/agent pairing.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/canvas-ai-task-core-CFyG87bZ.jsView on unpkg · L1300Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-B11ktv5j.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg