AI Security Review
scanned 10h ago · by lpm-firewall-ai

No confirmed malicious install-time behavior was found, but the package is a local AI/remote-control bridge with shell, file, Codex, and remote-agent capabilities. The main risk is dangerous user-invoked/runtime capability exposed through local token-protected APIs and a default remote hub listener.
Decision evidence
public snapshot
- server.js exposes token-protected file write/delete and shell execution APIs under /api/file/* and /api/shell/*.
- codex-runtime.js can launch Codex via SDK or `codex exec` and creates an isolated runtime under ~/.mindexec/codex-runtime.
- remote-hub.js starts a RemoteHub by default on 0.0.0.0:5199, accepting paired remote agents by token.
- package ships native remote agent binaries under remote-fast/* and starts runtime through bin launch-bridge.cjs.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy packaged tree-sitter WASM grammars into its own tree-sitter-grammars directory.
- launch-bridge.cjs is an explicit CLI entrypoint that starts a local bridge; no install-time server launch observed.
- server.js binds the main HTTP bridge to 127.0.0.1 and protects dangerous REST routes with a generated bridge token.
- No source evidence of credential exfiltration, dependency confusion, destructive persistence, or lifecycle writes to foreign AI-agent config surfaces.
Source & flagged code
12 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- A single source file combines environment access, network access, and code or shell execution with blocking evidence. (server.js · L18)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (server.js)
- Package source references dynamic code evaluation. (wwwroot/assets/MindCanvas-_vDE4W5O.js · L817)
- Package source references dynamic require/import behavior. (wwwroot/assets/supabaseAuthAdapter-DjshhyTD.js · L43)
- Source launches a detached bundled service that exposes a broad-bound HTTP listener. (scripts/remote-fast-mdm-browser-smoke.mjs · L3)
- Package ships native binary artifacts. (remote-fast/osx-x64/mindexec-remote-fast)
- Package ships WebAssembly modules. (tree-sitter-grammars/tree-sitter-go.wasm)
- Package ships non-JavaScript build or shell helper files. (start-bridge.bat)