AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious install-time attack was found. The package is a local AI bridge that intentionally exposes powerful runtime capabilities after the user starts it.
Decision evidence
public snapshot- server.js exposes token-protected /api/shell/execute and /api/shell/jobs that spawn bash/cmd commands
- server.js exposes token-protected file write/delete/copy/move APIs bounded to workspacePath
- codex-runtime.js can spawn codex and writes isolated CODEX_HOME config under ~/.mindexec/codex-runtime during user-invoked runs
- remote-hub.js starts a TCP RemoteHub by default on 0.0.0.0:5199 with pair-token authentication
- /api/status returns bridgeToken and runtime status without requiring the bridge token
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy packaged tree-sitter wasm files
- launch-bridge.cjs starts server.js only when the CLI/bin is invoked and binds the HTTP bridge to 127.0.0.1
- server.js protects shell, file, codex, remote, auth, and company-core routes with X-Bridge-Token
- validatePath keeps file APIs inside the configured workspacePath
- No install-time credential harvesting, exfiltration endpoint, destructive payload, or AI-agent config hijack found
- wwwroot eval is a browser-side sandboxed task runner with network globals disabled
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/canvas-ai-task-core-O-vAY_i5.jsView on unpkg · L1221Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-By7glRIM.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg