AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious package behavior was found, but the user-invoked local bridge exposes broad filesystem, shell, browser, remote-device, and Codex-agent capabilities. Some read/list endpoints are not bridge-token protected, creating unresolved local data exposure risk rather than a proven malware chain.
Decision evidence
public snapshot- server.js exposes local file read/list APIs; /api/file/read and /api/dir/list are not in PROTECTED_BRIDGE_ROUTES.
- server.js provides token-protected file write/delete, shell execution, browser control, remote device, and Codex agent endpoints.
- codex-runtime.js creates a MindExec-owned Codex runtime home and may copy ~/.codex/auth.json into ~/.mindexec/codex-runtime.
- remote-fast/ ships native executables and tree-sitter-grammars/ ships WASM parser modules.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy missing bundled tree-sitter WASM files.
- launch-bridge.cjs starts server.js only when user invokes the CLI/bin, not on import.
- Dangerous shell/write/Codex/remote endpoints are protected by X-Bridge-Token or Bearer token by default.
- No source evidence of install-time credential harvesting, exfiltration, remote payload download, or foreign AI-agent config mutation.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/canvas-ai-task-core-O-vAY_i5.jsView on unpkg · L1221Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-By7glRIM.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg