AI Security Review
scanned 7h ago · by lpm-firewall-aiNo confirmed install-time malware or unconsented foreign AI-agent control-surface mutation was found. The package is a user-invoked local AI bridge with high-risk shell, Codex, browser, remote-agent, and network capabilities behind a local token by default.
Decision evidence
public snapshot- server.js exposes token-protected /api/shell routes that run user-supplied commands via /bin/bash or cmd.exe
- codex-runtime.js creates ~/.mindexec/codex-runtime, copies ~/.codex/auth.json if present, writes config.toml, and can spawn codex
- server.js can launch managed remote agents via packaged binary or npx -y @mindexec/remote@latest connect
- server.js includes outbound API/search/model calls to OpenRouter, ImageRouter, YouTube, DuckDuckGo, Brave, Bing, Google News, and OpenAI-compatible embeddings
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs
- scripts/setup-tree-sitter-grammars.mjs only ensures tree-sitter-grammars/*.wasm exists from local dependency paths
- launch-bridge.cjs starts server.js only when CLI is invoked; no install-time bridge launch found
- server.js protects shell, codex, remote, and other sensitive routes with X-Bridge-Token by default
- Codex config is written under package-owned isolated ~/.mindexec/codex-runtime unless explicitly configured to use ~/.codex
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/MindCanvas-CIML1ZXD.jsView on unpkg · L965Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-DjshhyTD.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg