AI Security Review
scanned 7h ago · by lpm-firewall-aiNo confirmed malicious attack surface from static inspection. The install hook is package-owned grammar setup; powerful shell/Codex/remote bridge capabilities require an explicit launch and local token authorization.
Decision evidence
public snapshot- package.json defines postinstall: npm run setup:grammars
- launch-bridge.cjs bin spawns server.js and opens localhost app on explicit CLI use
- server.js exposes token-gated shell, codex, remote, browser, and company-core routes
- codex-runtime.js can create ~/.mindexec/codex-runtime and copy ~/.codex/auth.json during runtime use
- remote-fast/ ships native binaries; tree-sitter-grammars/ ships WASM grammars
- scripts/setup-tree-sitter-grammars.mjs only creates package-owned tree-sitter-grammars/ and copies bundled grammar WASM files
- No install-time network fetch, remote code execution, persistence, or foreign AI-agent control-surface write found
- Bridge APIs are explicit runtime product functionality and protected by BRIDGE_TOKEN by default
- port-guard.cjs only terminates existing MindExec listeners unless force env vars are set
- No credential exfiltration or destructive lifecycle behavior found in inspected sources
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/MindCanvas-DWW0BocH.jsView on unpkg · L950Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-DjshhyTD.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg