AI Security Review
scanned 13h ago · by lpm-firewall-ai

The package is a local AI/runtime bridge with powerful user-invoked capabilities, not an install-time hijack. Risk is unresolved dangerous capability exposure through a local web bridge, Codex execution, shell/file APIs, and managed remote-agent launch paths.
Decision evidence
public snapshot
- server.js exposes token-protected local APIs for file write/delete, shell execution, browser actions, Codex runs, and remote device control.
- server.js /api/status returns bridgeToken and allows package web origins including mindexec.pages.dev and mindexecution.pages.dev.
- server.js can launch managed RemoteAgent via bundled remote-fast or fallback npx -y @mindexec/remote@latest after remote-agent connect flows.
- codex-runtime.js creates ~/.mindexec/codex-runtime, copies ~/.codex/auth.json, and runs Codex SDK/CLI with caller-selected sandbox options.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy packaged tree-sitter WASM grammars.
- No install-time writes to foreign AI agent control files such as .mcp.json, CLAUDE.md, .claude, Cursor, or ~/.codex config.
- launch-bridge.cjs starts server.js only through explicit CLI/bin use and opens localhost app; it is not import-time execution.
- server.js validates file operations to workspace/project paths and protects high-risk routes with a bridge token by default.
- Network endpoints are package-aligned local bridge, model/search APIs, Supabase/app config, and remote-agent manager flows; no credential exfiltration sink was confirmed.
Source & flagged code
12 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- A single source file combines environment access, network access, and code or shell execution with blocking evidence. (server.js · L18)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (server.js)
- Package source references dynamic code evaluation. (wwwroot/assets/MindCanvas-DjH_VLkJ.js · L813)
- Package source references dynamic require/import behavior. (wwwroot/assets/supabaseAuthAdapter-D57zJK6k.js · L43)
- Source launches a detached bundled service that exposes a broad-bound HTTP listener. (scripts/remote-fast-mdm-browser-smoke.mjs · L3)
- Package ships native binary artifacts. (remote-fast/osx-x64/mindexec-remote-fast)
- Package ships WebAssembly modules. (tree-sitter-grammars/tree-sitter-go.wasm)
- Package ships non-JavaScript build or shell helper files. (start-bridge.bat)