AI Security Review
scanned 3h ago · by lpm-firewall-aiThe package is a local AI/runtime bridge with powerful user-invoked capabilities: shell execution, workspace file mutation, Codex execution, browser automation, and remote device/agent pairing. The main unresolved risk is a default externally reachable RemoteHub listener combined with remote-agent management, but no malicious install-time chain was found.
Decision evidence
public snapshot- server.js exposes token-protected local APIs for file write/delete and shell execution.
- server.js starts RemoteHub by default; remote-hub.js default host is 0.0.0.0:5199 and warns it is externally reachable.
- server.js can spawn packaged remote-fast native binaries and managed remote agents.
- codex-runtime.js writes an isolated Codex home and can spawn codex exec for user-supplied prompts.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs, which copies bundled tree-sitter WASM grammar files if missing.
- Primary bridge server binds HTTP to 127.0.0.1 and protects shell/file/codex/remote routes with X-Bridge-Token.
- Dangerous shell, file, Codex, and remote-agent functions are runtime API features, not install-time execution.
- No static evidence of credential exfiltration, remote payload download, destructive install hook, or AI-agent config hijack.
- Network endpoints observed are local bridge, local CompanyCore proxy, Supabase-auth app flow, and RemoteHub pairing functionality.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/canvas-ai-task-core-ekSGbHyt.jsView on unpkg · L1221Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-By7glRIM.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg