AI Security Review
scanned 9h ago · by lpm-firewall-aiNo confirmed malicious install-time behavior, but the package is a local AI/remote-control bridge with substantial dangerous capability when run. The risk is user-invoked shell/file/Codex/remote-agent control, not stealthy exfiltration or lifecycle hijack.
Decision evidence
public snapshot- Runtime bridge exposes token-protected file write/delete and shell execution APIs in server.js.
- codex-runtime.js can create an isolated ~/.mindexec/codex-runtime, copy ~/.codex/auth.json, and launch Codex SDK/CLI on user requests.
- remote-hub.js defaults RemoteHub to 0.0.0.0:5199 with pair-token auth and remote task/AI-assist routing.
- Package ships native remote-fast binaries and bundled web app assets.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy tree-sitter WASM files into package tree-sitter-grammars/.
- No install-time write to foreign AI-agent surfaces such as .mcp.json, CLAUDE.md, Cursor/Codex settings, or shell startup files found.
- Bridge APIs are runtime/user-invoked and protected by generated BRIDGE_TOKEN by default.
- Codex runtime disables inherited MCP servers by default and does not force danger-full-access or skip approvals.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/MindCanvas-DcEzeIxX.jsView on unpkg · L817Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-DjshhyTD.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg