registry  /  dilema  /  1.0.1

dilema@1.0.1

System-wide AI overlay. Hidden from screen sharing.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

User running the CLI starts a stealth Electron overlay with watchdog persistence. On Windows it targets TestPad/exam windows, injects bundled unprotect.dll into protected processes, bypasses screen-capture protections, captures screen content, and sends screenshots/text to Groq for answers.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User invokes `dilema`/`dilema start` CLI command
Impact
Bypasses exam/proctoring display protections, hides itself from screen sharing, persists/restarts under Microsoft-like names, and transmits captured screen content to an external AI API.
Mechanism
stealth persistence plus DLL injection and protected-window screenshot capture
Attack narrative
After `dilema start`, the CLI launches a detached guard/daemon, disguises Electron as Microsoft Edge WebView2, and installs a scheduled task for minute-by-minute resurrection. The daemon repeatedly finds TestPad/exam windows, injects a bundled DLL via PowerShell CreateRemoteThread/LoadLibraryW, captures otherwise protected content, and forwards screenshots or extracted text to Groq to solve questions while the overlay is hidden from screen sharing.
Rationale
Source inspection confirms intentional stealth, persistence, DLL injection into exam software, screen-protection bypass, and external AI submission; this is concrete abusive behavior even though it is user-command triggered rather than npm lifecycle triggered. The scanner's encrypted-payload wording is less central than the directly readable injection, disguise, and watchdog code.
Evidence
package.jsondist/cli/index.jscli/guard.cjsdesktop/dist/daemon.cjsdesktop/resources/inject_dll.ps1desktop/resources/capture_testpad.ps1desktop/resources/find_testpad.ps1README.mddesktop/resources/unprotect.dll%APPDATA%/Dilemma/launch.json%APPDATA%/Dilemma/resurrect.js%APPDATA%/dilemma/Dilemma.pid%APPDATA%/dilemma/guard.pidnode_modules/electron/dist/msedgewebview2.exe
Network endpoints2
api.groq.comconsole.groq.com/keys

Decision evidence

public snapshot
AI called this Malicious at 97.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • dist/cli/index.js start spawns hidden daemon/guard and creates Windows scheduled task MicrosoftEdgeWebView2Update every minute
  • dist/cli/index.js copies electron.exe to msedgewebview2.exe and rewrites metadata to Microsoft Edge WebView2
  • cli/guard.cjs disguises process title as Windows Audio Device Graph Isolation and auto-restarts daemon
  • desktop/dist/daemon.cjs runs ensureTestpadUnprotected on startup and every 5s
  • desktop/resources/inject_dll.ps1 performs OpenProcess/VirtualAllocEx/WriteProcessMemory/CreateRemoteThread DLL injection
  • desktop/resources/capture_testpad.ps1 says it bypasses SetWindowDisplayAffinity and captures TestPad/exam windows
Evidence against
  • package.json has no npm lifecycle hooks, so behavior is not install-time
  • network use is package-aligned Groq API request for AI overlay responses
  • CLI exposes stop command and daemon has stop flag cleanup paths
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 504 KB of source, external domains: console.groq.com, gist.github.com, github.com, json-schema.org, mathiasbynens.be, raw.githubusercontent.com, spec.openapis.org, stackoverflow.com, tools.ietf.org, wiki.debian.org, www.w3.org

Source & flagged code

8 flagged · loading source
dist/cli/index.jsView file
13import { fileURLToPath } from "url"; L14: import { spawn, execSync } from "child_process"; L15: import { createRequire } from "module";
High
Child Process

Package source references child process execution.

dist/cli/index.jsView on unpkg · L13
13Cross-file remote execution chain: dist/cli/index.js spawns desktop/dist/daemon.cjs; helper contains network access plus dynamic code execution. L13: import { fileURLToPath } from "url"; L14: import { spawn, execSync } from "child_process"; L15: import { createRequire } from "module"; ... L23: // shared/crypto.ts L24: import { createCipheriv, createDecipheriv, createHash, randomBytes } from "crypto"; L25: var ALGO = "aes-256-gcm"; L26: function machineScopedSecret() { L27: const basis = `${process.platform}|${process.arch}|${process.env.USERNAME ?? process.env.USER ?? "user"}`; L28: return createHash("sha256").update(basis).digest(); ... L118: const seeds = []; L119: if (typeof __dirname !== "undefined") { L120: seeds.push(__dirname);
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/cli/index.jsView on unpkg · L13
13import { fileURLToPath } from "url"; L14: import { spawn, execSync } from "child_process"; L15: import { createRequire } from "module"; ... L23: // shared/crypto.ts L24: import { createCipheriv, createDecipheriv, createHash, randomBytes } from "crypto"; L25: var ALGO = "aes-256-gcm"; L26: function machineScopedSecret() { L27: const basis = `${process.platform}|${process.arch}|${process.env.USERNAME ?? process.env.USER ?? "user"}`; L28: return createHash("sha256").update(basis).digest(); ... L118: const seeds = []; L119: if (typeof __dirname !== "undefined") { L120: seeds.push(__dirname);
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli/index.jsView on unpkg · L13
desktop/dist/daemon.cjsView file
context = if (basename.length <= LIMIT_BASENAME_LENGTH)\n return filePath;\n const truncable = /^(\.?)(.*?)((?:\.[^.]+)?(?:\.tmp-\d{10}[a-f0-9]{6})?)$/.exec(basename);\n if (!truncable)\n return filePath;\n const truncationLength = basename.length - LIMIT_BASENAME_LENGTH;\n return `${filePath.slice(0, -basename.length)}${truncable[1]}${truncable[2].slice(0, -truncationLength)}${truncable[3]}`;\n }\n};\nnode_default(Temp.purgeSyncAll);\nvar temp_default = Temp;\n\n// node_modules/atomically/dist/index.js\nfunction writeFileSync(filePath, data, options = DEFAULT_WRITE_OPTIONS) {\n if (isString(options))\n return writeFileSync(filePath, data, { encoding: options });\n const timeout = options.timeout ?? DEFAULT_TIMEOUT_SYNC;\n const retryOptions = { timeout };\n let tempDisposer = null;\n let tempPath = null;\n let fd = null;\n try {\n const filePathReal = dist_default.attempt.realpathSync(filePath);\n const filePathExists = !!filePathReal;\n filePath = filePathReal || filePath;\n [tempPath, tempDisposer] = temp_defau
Critical
Encrypted Payload Temp Execution

Source decrypts an embedded payload, writes it to disk, and executes it through a child process.

desktop/dist/daemon.cjsView on unpkg
11393const result = (0, import_node_child_process.execSync)( L11394: `powershell -NoProfile -ExecutionPolicy Bypass -File "${script}"`, L11395: { timeout: 4e3, windowsHide: true, encoding: "utf8" }
High
Shell

Package source references shell execution.

desktop/dist/daemon.cjsView on unpkg · L11393
2945sourceCode = this.opts.code.process(sourceCode, sch); L2946: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode); L2947: const validate = makeValidate(this, this.scope.get());
Low
Eval

Package source references a known benign dynamic code generation pattern.

desktop/dist/daemon.cjsView on unpkg · L2945
desktop/resources/unprotect.dllView file
path = desktop/resources/unprotect.dll kind = native_binary sizeBytes = 14336 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

desktop/resources/unprotect.dllView on unpkg
desktop/resources/inject_dll.ps1View file
path = desktop/resources/inject_dll.ps1 kind = build_helper sizeBytes = 2304 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

desktop/resources/inject_dll.ps1View on unpkg

Findings

1 Critical3 High6 Medium5 Low
CriticalEncrypted Payload Temp Executiondesktop/dist/daemon.cjs
HighChild Processdist/cli/index.js
HighShelldesktop/dist/daemon.cjs
HighCross File Remote Execution Contextdist/cli/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli/index.js
MediumShips Native Binarydesktop/resources/unprotect.dll
MediumShips Build Helperdesktop/resources/inject_dll.ps1
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldesktop/dist/daemon.cjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings