AI Security Review
scanned 12h ago · by lpm-firewall-aiNo confirmed malicious install-time attack surface. The package is a local AI bridge with powerful user-invoked shell, Codex, MCP, remote-device, filesystem, and auth-session features that warrant warning rather than block.
Decision evidence
public snapshot- Runtime bridge exposes token-protected shell execution and Codex run APIs in server.js.
- codex-runtime.js creates ~/.mindexec/codex-runtime, copies ~/.codex/auth.json if present, and can spawn codex exec for user requests.
- remote-hub.js starts a RemoteHub by default and can be made externally reachable via REMOTE_HUB_HOST/public endpoint env vars.
- server.js and codex-runtime.js read home auth/config paths, including ~/.codex/config.toml and MindExec auth session files.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs, which copies tree-sitter WASM grammars into package-owned tree-sitter-grammars/.
- No install-time writes to .mcp.json, CLAUDE.md, .claude, shell startup files, VCS hooks, or foreign agent control surfaces found.
- launch-bridge.cjs is an explicit CLI/bin launcher; server.js dangerous capabilities are activated by running the local bridge, not import/install.
- Protected routes require X-Bridge-Token by default; disabling auth requires BRIDGE_REQUIRE_TOKEN=off.
- Port cleanup only targets existing MindExec/LocalBridge listeners unless BRIDGE_FORCE_KILL_PORT_OWNER is explicitly set.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/MindCanvas-mZsF36oK.jsView on unpkg · L817Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-D57zJK6k.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg