registry  /  dirac-lang  /  0.1.91

dirac-lang@0.1.91

LLM-Augmented Declarative Execution

AI Security Review

scanned 10d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is an LLM-augmented execution language with explicit shell, file, scheduling, daemon, and LLM capabilities that are documented and user-invoked.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs dirac/dish CLI, starts agent, or executes Dirac programs using powerful tags.
Impact
User-authored or LLM-generated Dirac code can execute shell commands, read/write selected files, call LLM endpoints, and run scheduled tasks.
Mechanism
documented interpreter and interactive shell capabilities
Rationale
The high-risk primitives are real but match the package's stated purpose as a user-invoked agentic execution language, and I found no lifecycle trigger, hidden import-time behavior, credential exfiltration, or unconsented persistence. Treat as dangerous-by-design tooling rather than malware.
Evidence
package.jsondist/cli.jsdist/index.jsdist/chunk-R42DSFUB.jsdist/chunk-PKLOBITC.jsdist/chunk-PPH7KYKH.jsdist/shell-U5L7KXSV.jsdist/agent-OP5VWQN3.jslib/native-tags.diREADME.md~/.dirac/config.yml~/.dirac/shell-init.di~/.dirac/session.pid~/.dirac/agent.loguser-specified input/output/config paths
Network endpoints3
localhost:11434/api/generatelocalhost:5001/chatlocalhost:11434/api/embeddings

Decision evidence

public snapshot
AI called this Clean at 84.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/chunk-PKLOBITC.js implements user-invoked <system> shell execution and background spawn.
  • dist/chunk-PKLOBITC.js has LLM execute/code-generation features and dynamic module import via <require_module>.
  • dist/shell-U5L7KXSV.js interactive shell runs typed commands through user's shell.
  • dist/agent-OP5VWQN3.js can start a user-requested local daemon under ~/.dirac.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks.
  • dist/index.js only exports library APIs; no obvious import-time execution beyond module initialization.
  • CLI execution requires user commands or input files; source reads config/input files by explicit CLI paths or conventional config.
  • Network use is package-aligned LLM/embedding calls to OpenAI/Anthropic SDKs or configured/local LLM endpoints.
  • File writes are user-invoked language features: output/save/edit/history/agent pid-log files.
  • No credential harvesting or exfiltration path found; env vars are used as API/config inputs.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 23 file(s), 236 KB of source

Source & flagged code

4 flagged · loading source
dist/chunk-PKLOBITC.jsView file
1577// src/tags/system.ts L1578: import { exec, spawn } from "child_process"; L1579: import { promisify } from "util";
High
Child Process

Package source references child process execution.

dist/chunk-PKLOBITC.jsView on unpkg · L1577
1579import { promisify } from "util"; L1580: var execAsync = promisify(exec); L1581: async function executeSystem(session, element) {
High
Shell

Package source references shell execution.

dist/chunk-PKLOBITC.jsView on unpkg · L1579
299async function registerExtendChain(session, subroutine, currentName) { L300: const { executeSubroutine: executeSubroutine2 } = await import("./subroutine-7JJKHTV4.js"); L301: const extendsAttr = subroutine.attributes.extends;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/chunk-PKLOBITC.jsView on unpkg · L299
dist/shell-U5L7KXSV.jsView file
20Cross-file remote execution chain: dist/shell-U5L7KXSV.js spawns dist/chunk-PKLOBITC.js; helper contains network access plus dynamic code execution. L20: import yaml from "js-yaml"; L21: var HISTORY_FILE = path.join(os.homedir(), ".dirac_history"); L22: var MAX_HISTORY = 1e3; ... L41: input: process.stdin, L42: output: process.stdout, L43: prompt: "> ", ... L86: ]; L87: const envVarNames = Object.keys(process.env).filter( L88: (name) => commonEnvVars.includes(name) || name.startsWith("DIRAC_") || name.startsWith("TELEGRAM_") ... L588: try { L589: formattedValue = JSON.stringify(JSON.parse(v.value), null, 2); L590: } catch {
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/shell-U5L7KXSV.jsView on unpkg · L20

Findings

3 High3 Medium3 Low
HighChild Processdist/chunk-PKLOBITC.js
HighShelldist/chunk-PKLOBITC.js
HighCross File Remote Execution Contextdist/shell-U5L7KXSV.js
MediumDynamic Requiredist/chunk-PKLOBITC.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings