AI Security Review
scanned 8d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- README.md documents LLM-generated Dirac code that can immediately execute system commands.
- dist/chunk-6CVWLZYL.js implements <system> via child_process exec/spawn, including background shell execution.
- dist/chunk-6CVWLZYL.js supports <llm execute="true"> executing model output as Dirac code.
- dist/agent-L6C3Z2YG.js starts a detached package-owned session daemon under ~/.dirac when user runs dirac agent start.
- package.json has no npm lifecycle scripts, so suspicious code is not install-time triggered.
- dist/index.js only exports APIs and imports modules; no observed import-time exfiltration or persistence.
- dist/cli.js activates file execution, shell, or agent behavior only from explicit CLI commands.
- No writes to foreign AI-agent control surfaces such as Claude/Codex/Cursor/MCP configs were found.
- Network use is aligned with configured LLM providers or local embedding/custom LLM endpoints.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/agent-L6C3Z2YG.jsView on unpkg · L15This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-6CVWLZYL.jsView on unpkgPackage source references dynamic require/import behavior.
dist/chunk-6CVWLZYL.jsView on unpkg · L299Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/shell-3FJRBNSJ.jsView on unpkg · L20