AI Security Review
scanned 4h ago · by lpm-firewall-ai
The package is a user-invoked local AI/automation bridge with powerful file, shell, browser, Codex, and remote-device capabilities. The install hook is package-aligned and not a confirmed attack path, but the runtime capability surface is high risk if exposed or misused.
Decision evidence
public snapshot
- server.js exposes token-protected local APIs for file write/delete, directory delete, shell execution, browser actions, and Codex thread control.
- codex-runtime.js can spawn Codex CLI/SDK with workspace-write by default for edit-like prompts and creates an isolated CODEX_HOME under ~/.mindexec/codex-runtime.
- server.js includes remote device/control WebSocket and RemoteHub paths plus bundled native remote-fast binaries.
- /api/status returns bridgeToken for local app use; protected routes rely on clients first retrieving that token.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs, which copies missing tree-sitter WASM files into tree-sitter-grammars.
- launch-bridge.cjs is user-invoked via bin/start and starts server.js; it does not install agent config or persistence.
- server.js validates file paths under workspace/opened project for local file APIs.
- Bridge REST routes and remote frame/input WebSockets are protected by random bridgeToken unless explicitly disabled by env.
- RemoteHub README says direct remote mode binds to loopback by default and LAN mode requires env opt-in.
- No source evidence of credential exfiltration, dependency confusion, lifecycle persistence, or unconsented writes to foreign AI-agent control surfaces.
Source & flagged code
12 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- A single source file combines environment access, network access, and code or shell execution with blocking evidence. (server.js · L18)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (server.js)
- Package source references dynamic code evaluation. (wwwroot/assets/canvas-ai-task-core-BsG-z7NQ.js · L1131)
- Package source references dynamic require/import behavior. (wwwroot/assets/supabaseAuthAdapter-Cs-wOx8n.js · L43)
- Source launches a detached bundled service that exposes a broad-bound HTTP listener. (scripts/remote-fast-mdm-browser-smoke.mjs · L3)
- Package ships native binary artifacts. (remote-fast/osx-x64/mindexec-remote-fast)
- Package ships WebAssembly modules. (tree-sitter-grammars/tree-sitter-go.wasm)
- Package ships non-JavaScript build or shell helper files. (start-bridge.bat)