AI Security Review
scanned 9h ago · by lpm-firewall-ai

No confirmed malicious install-time behavior, but the runtime is a powerful local AI bridge. When started by the user, it exposes token-gated shell, file, Codex, browser, and remote-agent/device APIs.
Decision evidence
public snapshot
- package.json postinstall runs only scripts/setup-tree-sitter-grammars.mjs
- server.js exposes token-gated file write/delete, shell execution, Codex, remote device/control APIs
- codex-runtime.js can create ~/.mindexec/codex-runtime, copy ~/.codex/auth.json, and launch codex
- server.js can spawn @mindexec/remote@latest for managed remote-agent connections
- server.js fetches model catalogs from openrouter.ai and api.imagerouter.io
- Postinstall copies packaged tree-sitter WASM files into tree-sitter-grammars only
- Protected routes include /api/shell, /api/codex, /api/remote and require X-Bridge-Token by default
- launch-bridge.cjs is a user-invoked CLI that starts the local server and browser
- No install-time writes to .codex, Claude, MCP configs, shell startup files, or VCS hooks found
- RemoteHub README says loopback default; LAN mode requires explicit REMOTE_HUB_HOST=0.0.0.0
Source & flagged code
12 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- server.js, line 18: A single source file combines environment access, network access, and code or shell execution with blocking evidence.
- server.js: A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
- wwwroot/assets/MindCanvas-CnScJ7ai.js, line 817: Package source references dynamic code evaluation.
- wwwroot/assets/supabaseAuthAdapter-DjshhyTD.js, line 43: Package source references dynamic require/import behavior.
- scripts/remote-fast-mdm-browser-smoke.mjs, line 3: Source launches a detached bundled service that exposes a broad-bound HTTP listener.
- remote-fast/osx-x64/mindexec-remote-fast: Package ships native binary artifacts.
- tree-sitter-grammars/tree-sitter-go.wasm: Package ships WebAssembly modules.
- start-bridge.bat: Package ships non-JavaScript build or shell helper files.