AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install or import-time attack surface. Runtime is a local bridge application with powerful token-protected shell, file, Codex, browser, and remote-agent capabilities.
Decision evidence
public snapshot- server.js exposes token-protected local APIs for shell execution and workspace file writes/deletes
- server.js can launch bundled or npx @mindexec/remote agents when remote registry targets provide manager/pair data
- codex-runtime.js creates ~/.mindexec/codex-runtime and copies ~/.codex/auth.json for isolated Codex runs
- wwwroot/appsettings.json contains package service endpoints for Supabase/R2/web capture
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs
- scripts/setup-tree-sitter-grammars.mjs only creates tree-sitter-grammars and copies required .wasm grammar files
- server.js listens on 127.0.0.1 and protects shell/file/remote/codex routes with X-Bridge-Token by default
- launch-bridge.cjs starts server.js on user CLI invocation and opens localhost app only
- No install-time foreign AI-agent config mutation, credential exfiltration, or remote payload download found
Source & flagged code
13 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/MindCanvas-CzUqWNt2.jsView on unpkg · L644Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-D57zJK6k.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
scripts/auth-session-smoke.mjsView on unpkg