AI Security Review
scanned 12h ago · by lpm-firewall-aiThe package is a local AI bridge with dangerous user-invoked capabilities, not confirmed malware. Runtime APIs can execute shell commands, run Codex, proxy remote device control, and expose an externally reachable RemoteHub gated by a pairing token.
Decision evidence
public snapshot- server.js exposes token-gated local APIs for shell execution and Codex task execution.
- remote-hub.js starts a RemoteHub on 0.0.0.0:5199 by default with pair-token authentication.
- codex-runtime.js can create isolated CODEX_HOME under ~/.mindexec/codex-runtime and launch Codex SDK/CLI on API request.
- server.js /api/status returns bridgeToken, but HTTP server binds to 127.0.0.1 only.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy packaged tree-sitter WASM files into tree-sitter-grammars.
- No install-time writes to foreign AI-agent control surfaces such as .mcp.json, CLAUDE.md, Cursor, or user Codex config by default.
- launch-bridge.cjs is user-invoked CLI startup; it spawns server.js and optionally opens localhost app.
- No credential exfiltration or remote payload download found in inspected entrypoints.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/MindCanvas-B_AEKjX6.jsView on unpkg · L817Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-D57zJK6k.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg