AI Security Review
scanned 2h ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- server.js exposes token-protected local APIs for file read/write/delete, directory deletion, shell execution, browser actions, and Codex runs.
- codex-runtime.js can create ~/.mindexec/codex-runtime, copy ~/.codex/auth.json if present, write config.toml, and spawn codex exec on API request.
- server.js starts RemoteHub and ships remote-fast native binaries; README documents remote agent pairing and opt-in AI-assist tasks.
- server.js can contact package/product endpoints including Supabase, OpenRouter/ImageRouter, YouTube/search providers, and local CompanyCore.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs, which copies packaged/missing tree-sitter WASM grammars into tree-sitter-grammars.
- launch-bridge.cjs is a user-invoked CLI that starts server.js and opens http://localhost:5167/mindcanvas; no install-time bridge launch found.
- server.js binds the HTTP bridge to 127.0.0.1 and protects dangerous routes with X-Bridge-Token/Authorization by default.
- README documents local bridge, remote hub, shell/Codex APIs, bridge token requirement, and loopback default for RemoteHub.
- No unconsented lifecycle writes to foreign AI-agent surfaces such as CLAUDE.md, .mcp.json, Cursor/Codex settings, or shell startup files were found.
- Network and credential handling appear package-aligned for MindExec auth/registry/model/search features rather than covert exfiltration.
Source & flagged code
12 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- A single source file combines environment access, network access, and code or shell execution with blocking evidence. (server.js · L18)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (server.js)
- Package source references dynamic code evaluation. (wwwroot/assets/canvas-ai-task-core-Bis3sJXE.js · L1131)
- Package source references dynamic require/import behavior. (wwwroot/assets/supabaseAuthAdapter-D0CrBZli.js · L43)
- Source launches a detached bundled service that exposes a broad-bound HTTP listener. (scripts/remote-fast-mdm-browser-smoke.mjs · L3)
- Package ships native binary artifacts. (remote-fast/osx-x64/mindexec-remote-fast)
- Package ships WebAssembly modules. (tree-sitter-grammars/tree-sitter-go.wasm)
- Package ships non-JavaScript build or shell helper files. (start-bridge.bat)