registry  /  @trumbodev/cli-darwin-arm64  /  3.0.38

@trumbodev/cli-darwin-arm64@3.0.38

Trumbo CLI binary for darwin arm64

AI Security Review

scanned 7h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a platform-specific Trumbo CLI binary with bundled webview assets and a runtime plugin sandbox.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User explicitly runs the trumbo CLI or loads plugins through Trumbo.
Impact
Could execute user-selected Trumbo plugins and agent features, but no unconsented install-time mutation, credential harvesting, or exfiltration was found.
Mechanism
user-invoked native CLI and package-aligned plugin sandbox
Rationale
Static inspection found no lifecycle execution, persistence, credential harvesting, exfiltration endpoint, or unconsented AI-agent control-surface write. The risky primitives are aligned with a user-invoked Trumbo agent/plugin platform rather than concrete malicious behavior.
Evidence
package.jsonbin/trumboextensions/plugin-sandbox-bootstrap.jshub/webview/index.htmlhub/webview/assets/index-BHPD9Seb.jshub/webview/assets/mermaid-parser-BfrZ3jm6.jshub/webview/icon.ico

Decision evidence

public snapshot
AI called this Clean at 72.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • bin/trumbo is an 80MB Mach-O arm64 native executable, expected for this platform binary package but opaque to JS source review.
  • extensions/plugin-sandbox-bootstrap.js dynamically imports user/plugin paths with jiti and exposes plugin registration including tools, commands, rules, automation events, and mcpServers.
  • hub/webview/assets/index-BHPD9Seb.js contains UI toggles for agent features including Auto-approves, Subagents, and Agent Teams.
Evidence against
  • package.json has no preinstall/install/postinstall/prepare lifecycle scripts; only bin maps trumbo to bin/trumbo.
  • No source evidence of install-time writes to foreign AI-agent control surfaces such as .mcp.json, CLAUDE.md, Codex/Cursor settings, or shell/VCS persistence.
  • extensions/plugin-sandbox-bootstrap.js is a Trumbo plugin host run by IPC, with package-aligned @trumbo module aliases and plugin path inputs supplied at runtime.
  • hub/webview/index.html loads local bundled assets only; scanner high-entropy icon.ico is a normal Windows icon resource.
  • Scanner Trojan Source hint is not substantiated by file(1), which reports mermaid-parser-BfrZ3jm6.js as ASCII text.
  • Observed URLs in searched source/strings are framework docs, tree-sitter query sources, or runtime download helpers, not a package-specific exfiltration endpoint.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 125 file(s), 5.69 MB of source, external domains: 0.0.0.0, api.example.com, base-ui.com, chevrotain.io, en.wikipedia.org, example.com, github.com, langium.org, models.dev, radix-ui.com, react.dev, www.ibm.com, www.w3.org

Source & flagged code

4 flagged · loading source
hub/webview/assets/jsx-Bz0zcwM4.jsView file
1var e=[Object.freeze(JSON.parse(`{"displayName":"JSX","name":"jsx","patterns":[{"include":"#directives"},{"include":"#statements"},{"include":"#shebang"}],"repository":{"access-mod...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

hub/webview/assets/jsx-Bz0zcwM4.jsView on unpkg · L1
hub/webview/assets/mermaid-parser-BfrZ3jm6.jsView file
46contains invisible/control Unicode U+FEFF (zero width no-break space) \r \v \xA0            \u2028\u2029   <U+FEFF>`.split(``);function Da(e){let t=typeof e==`string`?new RegExp(e):e;return Ea.some(e=>t.test(e))}o(Da,`isWhitespace`);function Oa(e){return e.replace(/[.*+?^${}()|[\]\\]/g,`\\$&`)}o(Oa,`escapeReg
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

hub/webview/assets/mermaid-parser-BfrZ3jm6.jsView on unpkg · L46
bin/trumboView file
path = bin/trumbo kind = native_binary sizeBytes = 80539810 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

bin/trumboView on unpkg
hub/webview/icon.icoView file
path = hub/webview/icon.ico kind = high_entropy_blob sizeBytes = 40082 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

hub/webview/icon.icoView on unpkg

Findings

1 Critical1 High5 Medium5 Low
CriticalTrojan Source Unicodehub/webview/assets/mermaid-parser-BfrZ3jm6.js
HighShips High Entropy Blobhub/webview/icon.ico
MediumDynamic Requirehub/webview/assets/jsx-Bz0zcwM4.js
MediumNetwork
MediumProtestware
MediumShips Native Binarybin/trumbo
MediumStructural Risk Force Deep Review
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License