AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack chain was found. The package is a local AI bridge with substantial user-invoked file, shell, Codex, remote-agent, and native-binary capability, so it carries real operational risk if exposed or misconfigured.
Decision evidence
public snapshot- server.js exposes protected local APIs for file writes/deletes, shell execution, Codex thread runs, remote device tasks, and browser actions.
- server.js and codex-runtime.js spawn shell/Codex processes from authenticated runtime API requests.
- codex-runtime.js creates ~/.mindexec/codex-runtime and may copy ~/.codex/auth.json into that isolated runtime home.
- server.js reads Supabase/OpenRouter/ImageRouter/company-core tokens from environment/config for package-aligned auth/model features.
- remote-fast/ ships native platform binaries and tree-sitter-grammars/ ships WASM parsers.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to ensure tree-sitter WASM grammar files are present.
- No install-time mutation of foreign AI-agent config or broad control surface found.
- Dangerous shell/file/Codex capabilities are runtime APIs behind bridge token checks, not import/install-time execution.
- launch-bridge.cjs starts the local bridge on explicit CLI use and opens localhost app; no remote payload download observed.
- Network endpoints are package-aligned local bridge, Supabase/model catalog, YouTube, and optional company-core/remote hub features.
- Path validation constrains file/shell operations to workspace/opened project paths in inspected code.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/canvas-ai-task-core-eizABDdB.jsView on unpkg · L1221Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-By7glRIM.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg