AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious install-time behavior was found, but the package provides a powerful user-invoked local bridge. Once started, it can write/delete workspace files, execute shell commands, run Codex, and manage remote agents behind bridge/pairing tokens.
Decision evidence
public snapshot- server.js exposes token-protected file write/delete and shell execution APIs when the user starts the local bridge.
- server.js starts RemoteHub by default on 0.0.0.0:5199 with pairing-token gated remote device/task features.
- server.js and codex-runtime.js can launch Codex CLI/SDK and write isolated CODEX_HOME config under ~/.mindexec/codex-runtime.
- server.js can launch bundled remote-fast native binaries or fall back to npx -y @mindexec/remote@latest for remote agent features.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs to copy tree-sitter WASM grammars into the package grammar directory.
- launch-bridge.cjs is a user-invoked CLI that starts server.js on 127.0.0.1 and opens the local app.
- Protected bridge routes require X-Bridge-Token/Authorization; /api/status discloses the token for the package's own local web app flow.
- No credential harvesting, install-time AI-agent control-surface hijack, destructive persistence, or hardcoded exfiltration endpoint was found.
- Network endpoints are package-aligned local bridge/model/remote features rather than covert exfiltration.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/canvas-ai-task-core-ekSGbHyt.jsView on unpkg · L1221Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-By7glRIM.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg