AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time behavior was found. The package does provide a powerful user-launched local bridge with shell, file, browser, MCP, remote-device, and Codex execution capabilities.
Decision evidence
public snapshot- codex-runtime.js creates an isolated CODEX_HOME under ~/.mindexec/codex-runtime and copies ~/.codex/auth.json when user invokes Codex runtime.
- server.js exposes token-protected file write/delete, shell execution, MCP, browser, web fetch, and Codex thread APIs after bridge launch.
- server.js /api/status is unauthenticated and returns bridgeToken, intended for the allowed web app to call protected APIs.
- remote-hub.js defaults a remote hub listener to 0.0.0.0:5199 with pair-token controls.
- package.json postinstall only runs scripts/setup-tree-sitter-grammars.mjs.
- scripts/setup-tree-sitter-grammars.mjs only creates tree-sitter-grammars/ and copies required WASM grammars from package dependencies if missing.
- No install-time writes to ~/.codex, broad AI-agent config, shell startup files, or foreign control surfaces found.
- Runtime shell/Codex/file capabilities are package-aligned local bridge features and require user launch plus bridge token/pair-token flows.
- server.js binds the HTTP bridge to 127.0.0.1, not a public interface.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution with blocking evidence.
server.jsView on unpkg · L18A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgPackage source references dynamic code evaluation.
wwwroot/assets/canvas-ai-task-core-ekSGbHyt.jsView on unpkg · L1221Package source references dynamic require/import behavior.
wwwroot/assets/supabaseAuthAdapter-By7glRIM.jsView on unpkg · L43Source launches a detached bundled service that exposes a broad-bound HTTP listener.
scripts/remote-fast-mdm-browser-smoke.mjsView on unpkg · L3Package ships native binary artifacts.
remote-fast/osx-x64/mindexec-remote-fastView on unpkgPackage ships WebAssembly modules.
tree-sitter-grammars/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
start-bridge.batView on unpkg