AI Security Review
scanned 9h ago · by lpm-firewall-ai

No confirmed malicious install-time attack surface was found. The package is a powerful local AI bridge with shell, file, Codex, browser, remote-agent, and network capabilities exposed after the user starts it.
Decision evidence
public snapshot
- server.js exposes token-protected local APIs for file write/delete, directory delete, shell execution, Codex runs, browser automation, and remote agent control.
- codex-runtime.js creates an isolated Codex home under ~/.mindexec/codex-runtime, copies ~/.codex/auth.json if present, and can run @openai/codex-sdk or codex exec with caller-selected sandbox/approval options.
- server.js can spawn bundled remote-fast binaries or npx -y @mindexec/remote@latest to connect to a remote manager after authenticated registry/agent actions.
- server.js contains live network integrations for YouTube, DuckDuckGo/Brave/Bing/news search, Supabase, CompanyCore proxy, and OpenAI-compatible embeddings.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs, which copies missing tree-sitter WASM grammar files into the package tree.
- No install-time writes to .mcp.json, CLAUDE.md, Claude/Codex/Cursor settings, shell startup files, VCS hooks, or OS autostart entries were found.
- server.js listens on 127.0.0.1 and protects file/shell/Codex/remote routes with X-Bridge-Token by default.
- Dangerous capabilities are documented as the local MindExec bridge behavior and require running the CLI/server, not import-time execution.
- Workspace file APIs validate paths under the configured workspace, and Codex additional directories are constrained under the working directory.
Source & flagged code
12 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- A single source file combines environment access, network access, and code or shell execution with blocking evidence. (server.js, line 18)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (server.js)
- Package source references dynamic code evaluation. (wwwroot/assets/MindCanvas-DBzHER9x.js, line 817)
- Package source references dynamic require/import behavior. (wwwroot/assets/supabaseAuthAdapter-DjshhyTD.js, line 43)
- Source launches a detached bundled service that exposes a broad-bound HTTP listener. (scripts/remote-fast-mdm-browser-smoke.mjs, line 3)
- Package ships native binary artifacts. (remote-fast/osx-x64/mindexec-remote-fast)
- Package ships WebAssembly modules. (tree-sitter-grammars/tree-sitter-go.wasm)
- Package ships non-JavaScript build or shell helper files. (start-bridge.bat)