AI Security Review
scanned 14h ago · by lpm-firewall-ai

The package is a local AI/workspace bridge with powerful user-invoked runtime capabilities, including shell execution, file mutation, arbitrary MCP calls, remote task control, and Codex launching. I did not find unconsented install-time agent-control hijacking or credential exfiltration.
Decision evidence
public snapshot
- server.js exposes token-protected /api/shell/* and file write/delete APIs for the selected workspace.
- server.js /api/mcp/call forwards arbitrary JSON-RPC tool calls to caller-supplied http/https MCP server URLs.
- codex-runtime.js can launch Codex SDK/CLI and supports workspace-write/full-access sandbox modes via request options.
- codex-runtime.js creates an isolated Codex home under ~/.mindexec/codex-runtime and copies ~/.codex/auth.json if present.
- Package ships native remote-fast executables and exposes remote task/live-frame APIs.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy packaged tree-sitter WASM files into tree-sitter-grammars/.
- No lifecycle hook writes CLAUDE.md, .mcp.json, Codex/Cursor/Claude configs, shell startup files, VCS hooks, or autostart services.
- launch-bridge.cjs is a user-invoked CLI that starts local server.js and optionally opens localhost UI.
- Protected bridge routes require X-Bridge-Token/Bearer token by default.
- README documents the local bridge, shell/file APIs, remote hub, and Codex integration as product features.
Source & flagged code
12 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- A single source file combines environment access, network access, and code or shell execution with blocking evidence. (server.js, line 18)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (server.js)
- Package source references dynamic code evaluation. (wwwroot/assets/MindCanvas-mYKh0s25.js, line 813)
- Package source references dynamic require/import behavior. (wwwroot/assets/supabaseAuthAdapter-D57zJK6k.js, line 43)
- Source launches a detached bundled service that exposes a broad-bound HTTP listener. (scripts/remote-fast-mdm-browser-smoke.mjs, line 3)
- Package ships native binary artifacts. (remote-fast/osx-x64/mindexec-remote-fast)
- Package ships WebAssembly modules. (tree-sitter-grammars/tree-sitter-go.wasm)
- Package ships non-JavaScript build or shell helper files. (start-bridge.bat)