AI Security Review
scanned 1d ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- server.js starts RemoteHub at runtime; remote-hub.js defaults host to 0.0.0.0 and warns it is externally reachable.
- server.js exposes protected local APIs for shell jobs, Codex runs, browser actions, files, and remote agent connect.
- server.js can spawn a managed RemoteAgent to registry-provided manager endpoints with a pairing token.
- codex-runtime.js can create an isolated Codex home under ~/.mindexec/codex-runtime and launch codex or @openai/codex-sdk on API request.
- package ships native remote-fast binaries and wasm grammars.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs, which copies packaged tree-sitter wasm files into tree-sitter-grammars.
- No install-time writes to Claude/Codex/Cursor MCP configs, shell startup files, VCS hooks, or autostart locations found.
- server.js binds the main bridge HTTP server to 127.0.0.1 and protects dangerous routes with X-Bridge-Token by default.
- launch-bridge.cjs is a user-invoked CLI that starts server.js and opens localhost app; no hidden import-time payload seen.
- Remote registry/Supabase behavior appears product-aligned and requires local runtime/auth context, not credential harvesting.
Source & flagged code
12 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- A single source file combines environment access, network access, and code or shell execution with blocking evidence. (server.js · L18)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (server.js)
- Package source references dynamic code evaluation. (wwwroot/assets/canvas-ai-task-core-BU2hYVdU.js · L1131)
- Package source references dynamic require/import behavior. (wwwroot/assets/supabaseAuthAdapter-Cs-wOx8n.js · L43)
- Source launches a detached bundled service that exposes a broad-bound HTTP listener. (scripts/remote-fast-mdm-browser-smoke.mjs · L3)
- Package ships native binary artifacts. (remote-fast/osx-x64/mindexec-remote-fast)
- Package ships WebAssembly modules. (tree-sitter-grammars/tree-sitter-go.wasm)
- Package ships non-JavaScript build or shell helper files. (start-bridge.bat)