AI Security Review
scanned 15h ago · by lpm-firewall-ai
No confirmed malicious install-time behavior was found. Residual risk is a high-capability user-invoked local/remote AI bridge with shell, filesystem, MCP, Codex, browser, and remote-agent controls.
Decision evidence
public snapshot
- server.js exposes protected local APIs for shell execution, file write/delete, MCP calls, and Codex runs when user starts the bridge.
- remote-hub.js starts a TCP RemoteHub on 0.0.0.0:5199 by default with pair-token authentication for remote agents.
- codex-runtime.js can create ~/.mindexec/codex-runtime and copy Codex auth.json into that isolated runtime home for agent runs.
- server.js fetches model/catalog or service data from openrouter.ai, api.imagerouter.io, Supabase URLs, YouTube, and configured MCP/server URLs at runtime.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs, which copies tree-sitter WASM grammars into tree-sitter-grammars/.
- No install-time writes to foreign AI agent control files such as .mcp.json, CLAUDE.md, Cursor/Codex settings, or shell startup files were found.
- launch-bridge.cjs is user-invoked CLI startup; it spawns server.js, sets WORKSPACE_PATH, and optionally opens localhost UI.
- server.js binds the main bridge HTTP server to 127.0.0.1 and requires X-Bridge-Token for protected routes by default.
- Workspace file APIs validate paths under the workspace or opened project root before read/write/delete.
- No concrete credential harvesting or unsolicited exfiltration path was found in inspected source.
Source & flagged code
12 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- server.js (L18): A single source file combines environment access, network access, and code or shell execution with blocking evidence.
- server.js: A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
- wwwroot/assets/MindCanvas-BkaDAmkW.js (L644): Package source references dynamic code evaluation.
- wwwroot/assets/supabaseAuthAdapter-D57zJK6k.js (L43): Package source references dynamic require/import behavior.
- scripts/remote-fast-mdm-browser-smoke.mjs (L3): Source launches a detached bundled service that exposes a broad-bound HTTP listener.
- remote-fast/osx-x64/mindexec-remote-fast: Package ships native binary artifacts.
- tree-sitter-grammars/tree-sitter-go.wasm: Package ships WebAssembly modules.
- start-bridge.bat: Package ships non-JavaScript build or shell helper files.