AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. At runtime, the CLI's first-party sandbox bootstrap can load local plugin modules supplied by its host. It then exposes plugin hook and tool execution through IPC. No install-time attack surface was found.
Decision evidence
public snapshot- `extensions/plugin-sandbox-bootstrap.js` dynamically imports caller-supplied local plugin paths via `jiti`.
- The bootstrap invokes loaded plugin hooks, tools, commands, and rule/message handlers over process IPC.
- `bin/trumbo` is a native ARM64 ELF executable, so runtime behavior is not fully source-visible.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle scripts.
- No source evidence of credential harvesting, exfiltration, destructive writes, or foreign agent-config mutation.
- The flagged invisible characters in `mermaid-parser-Dj-OpFgW.js` occur in parser whitespace and rule-suffix literals, not deceptive control flow.
- Web assets are bundled editor, Mermaid, parser, and syntax-highlighting code; URL literals are documentation, placeholders, or local addresses.
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
hub/webview/assets/jsx-Bz0zcwM4.jsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
hub/webview/assets/mermaid-parser-Dj-OpFgW.jsView on unpkg · L46Package ships high-entropy non-source blobs.
hub/webview/icon.icoView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
hub/webview/assets/chunk-BO2N2NFS-CQpW6Dc6.jsView on unpkg