AI Security Review
scanned 14h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a local AI/workspace bridge with dangerous user-invoked capabilities guarded by a local token, while install-time behavior is limited to packaged grammar setup.
Decision evidence
public snapshot- server.js exposes local file, shell, MCP, Codex, browser, and remote-agent APIs when the bridge is explicitly run.
- codex-runtime.js can create an isolated Codex home under ~/.mindexec/codex-runtime and spawn codex for requested runs.
- remote-hub.js defaults a remote hub host constant to 0.0.0.0, but runtime bridge listens locally.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy packaged tree-sitter WASM files into tree-sitter-grammars/.
- launch-bridge.cjs is a user-invoked CLI that starts server.js and opens http://localhost:5167/mindcanvas.
- server.js protects dangerous bridge routes with X-Bridge-Token by default and listens on 127.0.0.1.
- No install-time writes to Claude/Codex/Cursor/MCP foreign control surfaces found.
- Network endpoints are product-aligned: localhost bridge, Supabase, OpenAI/OpenRouter, YouTube/search, and user-supplied MCP/proxy URLs.
- No credential harvesting or exfiltration path beyond configured product auth/session flows was confirmed.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/MindCanvas-BjTuJ1_Q.jsView on unpkg · L813Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-D57zJK6k.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg