registry  /  dirac-lang  /  0.1.92

dirac-lang@0.1.92

LLM-Augmented Declarative Execution

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The risky primitives are package-aligned interpreter and shell features requiring user CLI/program action, not install-time or import-time execution.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs dirac/dish CLI, starts agent, or executes Dirac code containing system/eval/llm tags.
Impact
User-authored or LLM-generated Dirac programs can execute commands, write files, and call configured LLM endpoints by design.
Mechanism
user-invoked declarative language interpreter with LLM, eval, shell, file output, and local daemon features
Rationale
Static inspection found no lifecycle hook, covert exfiltration, persistence, destructive behavior, or unconsented execution. The shell/eval/network primitives are explicit user-invoked features of an LLM-augmented execution language documented in README.md.
Evidence
package.jsondist/cli.jsdist/chunk-ZRYXVVUV.jsdist/chunk-PPH7KYKH.jsdist/agent-ZYONE5JH.jsdist/shell-MGGRRK5F.jsREADME.md~/.dirac/session.pid~/.dirac/agent.log~/.dirac_historyuser-specified Dirac input/output files
Network endpoints3
localhost:11434/api/generatelocalhost:5001/chatlocalhost:11434/api/embeddings

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/preinstall/postinstall lifecycle hooks
    • dist/cli.js only runs when dirac/dish CLI is invoked and reads user-specified config/input files
    • dist/chunk-ZRYXVVUV.js system/eval/require_module tags are interpreter features activated by Dirac programs
    • dist/chunk-PPH7KYKH.js uses API keys only to initialize configured LLM providers
    • dist/agent-ZYONE5JH.js starts/stops a user-invoked local daemon under ~/.dirac
    • README.md documents LLM code execution and shell command features as core package behavior
    Behavioral surface
    Source
    ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStrings
    ManifestNo manifest risk signals triggered.
    scanned 23 file(s), 236 KB of source

    Source & flagged code

    5 flagged · loading source
    dist/agent-ZYONE5JH.jsView file
    15import os from "os"; L16: import { spawn } from "child_process"; L17: var AGENT_DIR = path.join(os.homedir(), ".dirac");
    High
    Child Process

    Package source references child process execution.

    dist/agent-ZYONE5JH.jsView on unpkg · L15
    dist/chunk-ZRYXVVUV.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = dirac-lang@0.1.91 matchedIdentity = npm:ZGlyYWMtbGFuZw:0.1.91 similarity = 0.957 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version.

    dist/chunk-ZRYXVVUV.jsView on unpkg
    1579import { promisify } from "util"; L1580: var execAsync = promisify(exec); L1581: async function executeSystem(session, element) {
    High
    Shell

    Package source references shell execution.

    dist/chunk-ZRYXVVUV.jsView on unpkg · L1579
    299async function registerExtendChain(session, subroutine, currentName) { L300: const { executeSubroutine: executeSubroutine2 } = await import("./subroutine-7JJKHTV4.js"); L301: const extendsAttr = subroutine.attributes.extends;
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/chunk-ZRYXVVUV.jsView on unpkg · L299
    dist/shell-MGGRRK5F.jsView file
    20Cross-file remote execution chain: dist/shell-MGGRRK5F.js spawns dist/chunk-ZRYXVVUV.js; helper contains network access plus dynamic code execution. L20: import yaml from "js-yaml"; L21: var HISTORY_FILE = path.join(os.homedir(), ".dirac_history"); L22: var MAX_HISTORY = 1e3; ... L41: input: process.stdin, L42: output: process.stdout, L43: prompt: "> ", ... L86: ]; L87: const envVarNames = Object.keys(process.env).filter( L88: (name) => commonEnvVars.includes(name) || name.startsWith("DIRAC_") || name.startsWith("TELEGRAM_") ... L588: try { L589: formattedValue = JSON.stringify(JSON.parse(v.value), null, 2); L590: } catch {
    High
    Cross File Remote Execution Context

    Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

    dist/shell-MGGRRK5F.jsView on unpkg · L20

    Findings

    1 Critical3 High3 Medium3 Low
    CriticalPrevious Version Dangerous Deltadist/chunk-ZRYXVVUV.js
    HighChild Processdist/agent-ZYONE5JH.js
    HighShelldist/chunk-ZRYXVVUV.js
    HighCross File Remote Execution Contextdist/shell-MGGRRK5F.js
    MediumDynamic Requiredist/chunk-ZRYXVVUV.js
    MediumNetwork
    MediumEnvironment Vars
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings