AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious install-time behavior was found. Runtime exposes powerful local bridge, shell, Codex, and remote-agent capabilities after the user starts the CLI, with token gating but meaningful dual-use risk.
Decision evidence
public snapshot- server.js exposes token-protected /api/shell/* routes that run user-supplied shell commands via /bin/bash or cmd.exe.
- server.js remote registry follower is enabled by default and can spawn npx -y @mindexec/remote@latest connect with registry-provided manager/pair token.
- codex-runtime.js can create ~/.mindexec/codex-runtime, copy ~/.codex/auth.json, and launch codex exec for local agent runs.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy packaged tree-sitter wasm files into tree-sitter-grammars/.
- launch-bridge.cjs is a user-invoked CLI that starts local server.js and opens localhost; no install-time server launch.
- Protected bridge routes require a random or configured X-Bridge-Token by default.
- No lifecycle hook writes foreign AI-agent control files such as .mcp.json, CLAUDE.md, Cursor/Codex settings, or VCS hooks.
- Network endpoints are product-aligned local bridge, Supabase/app config, model/search APIs, and remote-agent features.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/canvas-ai-task-core-BsG-z7NQ.jsView on unpkg · L1131Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-Cs-wOx8n.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg