AI Security Review
scanned 2h ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- server.js exposes /api/status without auth and includes bridgeToken.
- server.js permits CORS from localhost and mindexec.pages.dev origins.
- server.js /api/shell/execute and /api/shell/jobs spawn shell commands after bridge-token auth.
- codex-runtime.js creates ~/.mindexec/codex-runtime and can spawn codex exec for user-requested runs.
- server.js can launch @mindexec/remote@latest via npx for managed RemoteAgent connections.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs.
- scripts/setup-tree-sitter-grammars.mjs only copies tree-sitter wasm files into package tree-sitter-grammars/.
- No install-time writes to foreign AI-agent config, MCP config, shell startup, VCS hooks, or autostart entries found.
- Server binds HTTP bridge to 127.0.0.1 and protects sensitive API routes with bridge token.
- Dangerous execution paths are runtime APIs for the declared local bridge/AI runtime product.
Source & flagged code
12 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- A single source file combines environment access, network access, and code or shell execution with blocking evidence. (server.js · L18)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (server.js)
- Package source references dynamic code evaluation. (wwwroot/assets/canvas-ai-task-core-Cdd4w86S.js · L1148)
- Package source references dynamic require/import behavior. (wwwroot/assets/supabaseAuthAdapter-_4BPk0jl.js · L43)
- Source launches a detached bundled service that exposes a broad-bound HTTP listener. (scripts/remote-fast-mdm-browser-smoke.mjs · L3)
- Package ships native binary artifacts. (remote-fast/osx-x64/mindexec-remote-fast)
- Package ships WebAssembly modules. (tree-sitter-grammars/tree-sitter-go.wasm)
- Package ships non-JavaScript build or shell helper files. (start-bridge.bat)