AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious install-time attack surface was found. The package is a local AI bridge with powerful runtime shell, file, auth, and remote-agent capabilities guarded by a bridge token.
Decision evidence
public snapshot- server.js exposes token-protected local shell execution at /api/shell/* via spawn('/bin/bash','-c',command).
- server.js starts a remote registry follower at bridge startup and can spawn bundled/npx @mindexec/remote agents from registry manager endpoints.
- server.js reads/stores Supabase auth sessions under .mindexec-ai/.mindexec auth paths and may refresh sessions against Supabase.
- Package ships native remote-fast binaries under remote-fast/* and can execute them with --version preflight and connect args.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs, which copies packaged tree-sitter WASM grammars into tree-sitter-grammars.
- Bridge binds to 127.0.0.1 and protected routes require X-Bridge-Token/Authorization by default.
- Dangerous shell/file/remote-agent behavior is runtime API/CLI functionality, not install-time execution.
- Network endpoints are product-aligned: localhost CompanyCore, configured Supabase, mindexec pages/workers, YouTube/search APIs.
- scripts/ai-task-schedule-smoke.mjs is a test smoke script using temp dirs and a local bridge token, not a lifecycle hook.
Source & flagged code
13 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/canvas-ai-task-core-OAgBsdEZ.jsView on unpkg · L1478Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-N7TUEeTE.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
scripts/ai-task-schedule-smoke.mjsView on unpkg