AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack chain was found, but the package intentionally ships a local AI bridge with guarded shell, file, Codex, browser, and remote-agent capabilities. Risk is from explicit runtime use or local token exposure, not from install-time compromise.
Decision evidence
public snapshot- server.js exposes protected local APIs for shell execution, file writes/deletes, browser actions, Codex runs, and remote agent control.
- /api/status returns bridgeToken; protected routes then accept that token via X-Bridge-Token or Bearer.
- codex-runtime.js creates an isolated Codex home, copies ~/.codex/auth.json if present, and writes config.toml for runs.
- server.js can launch bundled remote-fast binaries or npx -y @mindexec/remote@latest for managed RemoteAgent connections.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs, which copies missing tree-sitter wasm files into tree-sitter-grammars.
- server.js binds HTTP server to 127.0.0.1, not a public interface.
- File operations are constrained through validatePath/resolveReadablePath to workspace or active project roots.
- Network endpoints are product-aligned model/auth/search/remote services; no credential exfiltration sink was found.
- No install-time mutation of foreign AI-agent control surfaces was found.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/canvas-ai-task-core-ekSGbHyt.jsView on unpkg · L1221Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-By7glRIM.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg