AI Security Review
scanned 11h ago · by lpm-firewall-aiNo confirmed malware or unconsented install-time control-surface hijack was found. The package is a powerful local AI/remote-control bridge with default runtime listeners, shell/file APIs, Codex execution, and optional managed remote-agent spawning.
Decision evidence
public snapshot- server.js top-level awaits startBridgeServer(), so main/import runs a local bridge.
- remote-hub.js defaults RemoteHub enabled on 0.0.0.0:5199 with pairing token.
- server.js exposes token-protected file write/delete and shell execution APIs.
- server.js remote registry follower is enabled by default after startup and can spawn @mindexec/remote@latest when authenticated registry target exists.
- codex-runtime.js creates ~/.mindexec/codex-runtime, copies ~/.codex/auth.json if present, and spawns codex exec for API-driven runs.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy packaged WASM grammars.
- HTTP bridge binds to 127.0.0.1 and protected routes require X-Bridge-Token by default.
- No install-time writes to foreign AI-agent control surfaces such as .mcp.json, CLAUDE.md, or Codex config in project/home.
- No hardcoded exfiltration endpoint or credential harvesting loop found; remote Supabase use requires config/session.
- README documents local bridge, remote pairing, file/shell APIs, and Codex bridge behavior.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/MindCanvas-DvbGvz29.jsView on unpkg · L817Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-DjshhyTD.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg