registry  /  @trumbodev/cli  /  3.0.46

@trumbodev/cli@3.0.46

Autonomous coding agent CLI - capable of creating/editing files, running commands, using the browser, and more

AI Security Review

scanned 4h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is a thin JS wrapper for a platform-specific compiled CLI with an install-time binary cache. The unresolved risk is lifecycle copying of an executable into a first-party Trumbo home/app-data path, but no confirmed malicious source behavior is present.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; trumbo command runs bin/trumbo
Impact
Installs and later executes the Trumbo platform binary; no source evidence of credential theft, exfiltration, or foreign AI-agent control-surface mutation.
Mechanism
install-time platform binary caching and CLI binary dispatch
Policy narrative
On install, postinstall.mjs resolves the matching optional @trumbodev platform package and copies or links its binary into a stable Trumbo-owned cache path, plus an optional wrapper-local cache. At runtime, bin/trumbo chooses TRUMBO_BIN_PATH, the cache, or the optional dependency binary and spawns it with user arguments. The reviewed JS sources do not plant foreign agent instructions, register MCP servers, harvest credentials, or contact remote endpoints.
Rationale
This is not malicious by source inspection: the suspicious lifecycle hook is package-aligned binary caching for an AI CLI. Because it lifecycle-installs an executable into a first-party home/app-data namespace and dispatches an uninspected platform binary, downgrade to warn rather than block.
Evidence
package.jsonpostinstall.mjslocal-binary-cache.mjsbin/trumbobin/trumbo.cmdREADME.md~/.trumbo/bin/trumbo%LOCALAPPDATA%/Trumbo/bin/trumbo.exebin/.trumbobin/.trumbo.exe%LOCALAPPDATA%/Trumbo/bin/current.txt

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node ./postinstall.mjs || true
  • postinstall.mjs copies platform binary from @trumbodev/cli-<platform>-<arch> during install
  • local-binary-cache.mjs writes executable cache under ~/.trumbo/bin/trumbo or %LOCALAPPDATA%/Trumbo/bin/trumbo.exe
  • bin/trumbo executes cached/platform binary and honors TRUMBO_BIN_PATH override
Evidence against
  • No code in wrapper/postinstall writes Claude/Codex/Cursor/MCP control files
  • No fetch/http client or exfiltration endpoint in executable JS sources
  • Lifecycle behavior is package-aligned binary caching, not foreign agent hijack
  • No eval/vm/Function or remote code loading in JS wrapper files
  • bin/trumbo only runs on explicit CLI invocation after install
Behavioral surface
Source
EnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 4.97 KB of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node ./postinstall.mjs || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./postinstall.mjs || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/trumbo.cmdView file
path = bin/trumbo.cmd kind = build_helper sizeBytes = 507 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/trumbo.cmdView on unpkg

Findings

1 High3 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
MediumShips Build Helperbin/trumbo.cmd
LowScripts Present
LowFilesystem