AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is a local AI bridge with explicit runtime shell, file, browser, remote-device, and Codex-agent capabilities. The main unresolved risk is first-party Codex runtime setup that copies Codex auth into a package-owned isolated home and writes Codex config at runtime.
Decision evidence
public snapshot- codex-runtime.js creates an isolated Codex home under ~/.mindexec/codex-runtime and copies ~/.codex/auth.json when runtime starts.
- codex-runtime.js writes a generated config.toml marking the selected workspace trusted for Codex runs.
- server.js exposes protected local APIs for shell execution, file writes, browser actions, Codex threads, and remote device tasks.
- server.js starts a remote hub on 0.0.0.0 by default with pairing/token controls.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs, which copies packaged tree-sitter WASM grammar files into tree-sitter-grammars.
- No install-time mutation of foreign AI-agent config or broad control surfaces found.
- Dangerous capabilities are runtime local-bridge features, not import-time or install-time execution.
- Protected bridge routes require X-Bridge-Token or Bearer token by default.
- Network endpoints are product-aligned local bridge, OAuth/model/search/proxy features, not covert exfiltration.
- No credential harvesting loop or hardcoded attacker dropper endpoint found in inspected entrypoints.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/canvas-ai-task-core-eizABDdB.jsView on unpkg · L1221Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-By7glRIM.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg