AI Security Review
scanned 4h ago · by lpm-firewall-ai
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot
- server.js exposes token-protected /api/shell/* endpoints that spawn /bin/bash or cmd.exe with caller-supplied commands.
- server.js exposes /api/codex/* endpoints that can run Codex SDK/CLI against the selected workspace.
- remote-hub.js enables a RemoteHub by default on 0.0.0.0:5199 with paired remote device input/task control.
- server.js starts the remote registry follower at runtime by default when the bridge server starts.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy packaged tree-sitter WASM files.
- No install-time write to foreign AI-agent control surfaces such as .mcp.json, CLAUDE.md, Codex/Cursor settings, or shell startup files was found.
- Dangerous runtime routes are protected by X-Bridge-Token/Bearer token unless BRIDGE_REQUIRE_TOKEN is explicitly disabled.
- Codex runtime uses an isolated ~/.mindexec/codex-runtime by default and disables inherited MCP servers when configured.
- Network endpoints are package-aligned local bridge, CompanyCore proxy, Supabase/app auth, Google YouTube API, and remote-device bridge functions.
Source & flagged code
12 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- A single source file combines environment access, network access, and code or shell execution with blocking evidence. (server.js, L18)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (server.js)
- Package source references dynamic code evaluation. (wwwroot/assets/canvas-ai-task-core-DyNJof-L.js, L1148)
- Package source references dynamic require/import behavior. (wwwroot/assets/supabaseAuthAdapter-By7glRIM.js, L43)
- Source launches a detached bundled service that exposes a broad-bound HTTP listener. (scripts/remote-fast-mdm-browser-smoke.mjs, L3)
- Package ships native binary artifacts. (remote-fast/osx-x64/mindexec-remote-fast)
- Package ships WebAssembly modules. (tree-sitter-grammars/tree-sitter-go.wasm)
- Package ships non-JavaScript build or shell helper files. (start-bridge.bat)