AI Security Review
scanned 13h ago · by lpm-firewall-aiNo confirmed malicious install-time behavior was found. The package is a local AI/remote bridge with powerful user-invoked runtime APIs, including shell execution, workspace file mutation, Codex execution, and a default externally bound RemoteHub.
Decision evidence
public snapshot- server.js exposes token-protected file write/delete and shell execution APIs under /api/file, /api/dir, /api/shell.
- codex-runtime.js can spawn the codex CLI and creates an isolated CODEX_HOME under ~/.mindexec/codex-runtime.
- remote-hub.js starts RemoteHub by default and binds to 0.0.0.0:5199 unless disabled/overridden.
- server.js starts RemoteHub during runtime startup and persists remote hub identity under the package auth profile.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to ensure packaged tree-sitter WASM files exist.
- launch-bridge.cjs is an explicit CLI launcher; it starts server.js only when mindexec/npx/start is invoked.
- server.js binds the main LocalBridge HTTP server to 127.0.0.1 and protects high-risk routes with X-Bridge-Token by default.
- No install-time writes to foreign AI-agent control files such as .mcp.json, CLAUDE.md, Cursor, or ~/.codex config were found.
- Network endpoints are product-aligned local bridge, remote hub, model/search APIs, and documented CompanyCore proxy settings.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/MindCanvas-CE4Iw00D.jsView on unpkg · L813Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-D57zJK6k.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg