AI Security Review
scanned 2h ago · by lpm-firewall-ai

No confirmed malicious install-time behavior was found. Runtime provides a powerful local AI bridge with shell, file, Codex, browser, and remote-agent capabilities guarded mainly by a local bridge token and pair tokens.
Decision evidence
public snapshot
- server.js exposes token-protected /api/shell/* routes that spawn shell commands in the workspace.
- server.js exposes token-protected /api/codex/* routes and codex-runtime.js can run @openai/codex-sdk or codex exec.
- codex-runtime.js creates ~/.mindexec/codex-runtime and copies ~/.codex/auth.json into that isolated runtime.
- remote-hub.js defaults RemoteHub host to 0.0.0.0 with pair-token based remote agent access.
- server.js can launch packaged remote-fast binaries or npx -y @mindexec/remote@latest at runtime.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy packaged tree-sitter wasm files.
- launch-bridge.cjs is a user-invoked CLI that starts server.js and opens localhost app; no install-time server launch found.
- server.js binds the main HTTP bridge to 127.0.0.1 and protects shell/Codex/remote mutation routes with X-Bridge-Token by default.
- File write/delete helpers validate paths within the configured workspace.
- No credential harvesting/exfiltration or unconsented writes to foreign AI-agent config surfaces found in lifecycle code.
Source & flagged code
12 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- server.js · L18: A single source file combines environment access, network access, and code or shell execution with blocking evidence.
- server.js: A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
- wwwroot/assets/canvas-ai-task-core-DUDdywGD.js · L1131: Package source references dynamic code evaluation.
- wwwroot/assets/supabaseAuthAdapter-D0CrBZli.js · L43: Package source references dynamic require/import behavior.
- scripts/remote-fast-mdm-browser-smoke.mjs · L3: Source launches a detached bundled service that exposes a broad-bound HTTP listener.
- remote-fast/osx-x64/mindexec-remote-fast: Package ships native binary artifacts.
- tree-sitter-grammars/tree-sitter-go.wasm: Package ships WebAssembly modules.
- start-bridge.bat: Package ships non-JavaScript build or shell helper files.