AI Security Review
scanned 11h ago · by lpm-firewall-aiNo confirmed malicious install-time attack surface was found. The package is a high-capability user-invoked local AI bridge with file, shell, Codex, browser, remote-agent, and network features; the default RemoteHub bind to 0.0.0.0 leaves residual exposure risk.
Decision evidence
public snapshot- server.js exposes token-protected local file write/delete and shell execution APIs when user starts bridge
- remote-hub.js default host is 0.0.0.0, creating an externally reachable TCP RemoteHub unless configured otherwise
- codex-runtime.js creates an isolated Codex home under ~/.mindexec/codex-runtime and can spawn codex on user requests
- server.js can call external model/search endpoints and optional Supabase registry when configured/authenticated
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs
- scripts/setup-tree-sitter-grammars.mjs only creates package tree-sitter-grammars/ and copies missing WASM grammar files
- No install-time server launch, credential exfiltration, foreign AI-agent config planting, or persistence hook found
- launch-bridge.cjs starts server only via user CLI/bin invocation and binds main HTTP bridge to 127.0.0.1
- Protected bridge routes require X-Bridge-Token/Authorization by default
- Dangerous capabilities are documented in README as local bridge/remote-agent product features
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/MindCanvas-CDXrye6B.jsView on unpkg · L817Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-D57zJK6k.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg