AI Security Review
scanned 10h ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a user-launched local AI bridge with powerful but package-aligned shell, remote, and Codex features behind token checks.
Decision evidence
public snapshot- package.json has postinstall: npm run setup:grammars
- launch-bridge.cjs bin spawns server.js and can open localhost app on user invocation
- server.js exposes protected bridge routes including /api/shell, /api/remote, /api/codex
- codex-runtime.js can create ~/.mindexec/codex-runtime and spawn codex for requested agent runs
- remote-fast/ ships native binaries and tree-sitter-grammars/ ships wasm assets
- scripts/setup-tree-sitter-grammars.mjs only mkdir/copyFile package-local tree-sitter wasm files
- No lifecycle writes to Claude/Codex/Cursor/MCP configs, shell startup files, VCS hooks, or autostart entries found
- Bridge routes are gated by X-Bridge-Token/Bearer token by default
- Codex runtime uses isolated ~/.mindexec/codex-runtime by default and does not inherit MCP servers unless explicitly configured
- No credential harvesting or hardcoded exfiltration endpoint found; observed network defaults are localhost/configurable
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/MindCanvas-D6kP0t18.jsView on unpkg · L817Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-DjshhyTD.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg