registry  /  diavola  /  0.1.1

diavola@0.1.1

Desktop dev process launcher — one file, one click, everything runs.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

The package is a CLI wrapper that downloads and runs a GitHub release binary for the declared Trame project. This is a risky staged-binary pattern, but no install-time execution or concrete malicious behavior was found in package source.

Static reason
One or more suspicious static signals were detected.
Trigger
User invokes the diavola CLI bin
Impact
Runs remote release asset from GitHub outside npm package contents; behavior depends on the downloaded binary.
Mechanism
download-and-run release binary launcher
Attack narrative
When a user runs the diavola command, npm/bin.cjs resolves the OS/architecture, queries the latest LeoMartinDev/trame GitHub release, downloads the matching asset, extracts or renames it into ~/.trame/bin, records the version, and spawns the resulting binary detached on Unix-like platforms.
Rationale
Static inspection confirms a user-invoked launcher for project-aligned GitHub release binaries with no lifecycle hook, exfiltration, persistence hook, or AI-agent control-surface mutation. The unresolved risk is the staged binary download/execute behavior, so warning is appropriate rather than blocking.
Evidence
package.jsonnpm/bin.cjs~/.trame/bin~/.trame/bin/.version~/.trame/bin/trame~/.trame/bin/trame.exe~/.trame/bin/Trame.app/Contents/MacOS/trame
Network endpoints2
api.github.com/repos/LeoMartinDev/trame/releases/latestasset.browser_download_url from GitHub release metadata

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • npm/bin.cjs fetches latest GitHub release metadata at runtime and downloads a platform asset via browser_download_url.
  • npm/bin.cjs writes the downloaded binary/cache under os.homedir()/.trame/bin and executes it with child_process.spawn.
  • npm/bin.cjs uses detached=true on non-Windows when launching the downloaded binary.
Evidence against
  • package.json defines only a bin entry and no preinstall/install/postinstall lifecycle scripts.
  • Execution is user-invoked through the diavola CLI, not automatic on install or import.
  • No source evidence of credential/env harvesting, exfiltration, destructive actions, agent control-surface writes, or VCS/shell persistence hooks.
  • Network endpoints are package-aligned with the declared repository LeoMartinDev/trame.
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 4.78 KB of source, external domains: api.github.com

Source & flagged code

1 flagged · loading source
npm/bin.cjsView file
2L3: const { spawn } = require("child_process"); L4: const { createWriteStream, mkdirSync, chmodSync, existsSync, rmSync } = require("fs"); L5: const { join, dirname } = require("path"); L6: const { createGunzip } = require("zlib"); L7: const { pipeline } = require("stream"); ... L9: const os = require("os"); L10: const https = require("https"); L11: const http = require("http"); ... L15: const REPO = "LeoMartinDev/trame"; L16: const BIN_NAME = process.platform === "win32" ? "trame.exe" : "trame"; L17:
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

npm/bin.cjsView on unpkg · L2

Findings

1 High1 Medium2 Low
HighSandbox Evasion Gated Capabilitynpm/bin.cjs
MediumNetwork
LowFilesystem
LowUrl Strings