AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time payload was found, but the package is a powerful local AI bridge. Runtime use exposes workspace file mutation, shell execution, Codex execution, and a default externally reachable RemoteHub guarded by pairing tokens.
Decision evidence
public snapshot- server.js exposes protected local file write/delete and shell execution APIs under /api/file/* and /api/shell/*.
- server.js returns bridgeToken from unauthenticated /api/status, so local web clients can obtain the token for protected routes.
- remote-hub.js starts a TCP RemoteHub on 0.0.0.0 by default with pair-token based remote device/control flows.
- codex-runtime.js can spawn Codex and creates an isolated ~/.mindexec/codex-runtime with copied auth.json when user invokes Codex runs.
- package ships native remote-fast binaries and wasm grammars.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy packaged tree-sitter wasm files.
- server.js binds the HTTP LocalBridge to 127.0.0.1, not a public interface.
- Dangerous file/shell/Codex capabilities are runtime API features aligned with a local bridge/AI automation tool, not install-time execution.
- Path validation confines file operations to the configured workspace or opened project root.
- No credential harvesting or exfiltration endpoint was found in inspected source.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/canvas-ai-task-core-eizABDdB.jsView on unpkg · L1221Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-By7glRIM.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg