Summary of the original
Delightfully cursed Python library by Brock Wilcox, built on top of LLM:
```python
from gremllm import Gremllm

counter = Gremllm("counter")
counter.value = 5
counter.increment()
print(counter.value)               # 6?
print(counter.to_roman_numerals()) # VI?
```
You tell your Gremllm what it should be in the constructor, then it uses an LLM to hallucinate method implementations based on the method name every time you call them!
This utility class can be used for a variety of purposes. Uhm. Also please don't use this and if you do please tell me because WOW. Or maybe don't tell me. Or do.
Here's the system prompt, which starts:
You are a helpful AI assistant living inside a Python object called '{self._identity}'.
Someone is interacting with you and you need to respond by generating Python code that will be eval'd in your context.
You have access to 'self' (the object) and can modify self._context to store data.
Via @awwaiid: https://mastodon.social/@awwaiid/114781009945415816
Further inferences
- Risk of dynamically generated method implementations: the library has an LLM generate method implementation code at call time and executes it, which is a serious security hazard (code injection, for example); the author's explicit warning "please don't use this" hints that the danger goes well beyond what the surface functionality suggests.
- Non-deterministic behaviour trap: the result of a method call depends entirely on the LLM's response at that moment, and the same method name may yield different implementations in different contexts (for example, increment() may not increase the value as expected), so it is unsuitable for production.
- Hidden debugging cost: because method logic is generated on the fly, traditional debugging tools (breakpoints, logging) are nearly useless; troubleshooting requires the raw prompt sent to the LLM and the code it returned, which greatly increases maintenance effort.
- Manipulation exposure in the system prompt: the system prompt reveals that self._context can be modified arbitrarily, so an attacker could tamper with internal state through carefully crafted method names or inputs, leading to data leakage or crashes.
- Industry consensus on experimental tools: "cursed" projects of this kind (the author's own self-deprecating label) usually exist only to probe the limits of LLMs; practitioners avoid them in production, but they serve as case studies for research into the limits of AI code generation.
- Undisclosed performance overhead: every method call triggers an LLM inference, so real latency and API cost far exceed those of ordinary code; the documentation does not warn about this explicitly, so users must load-test and evaluate it themselves.
- Unwritten community rule: the author's ambivalent attitude ("tell me / don't tell me") reflects the AI open-source community's cautious stance toward projects like this: encourage innovation, but limit its spread so it is not misused in critical systems.
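The first and fourth points above (arbitrary generated code being exec'd, and self._context being freely modifiable) are the ones a defender would want to see addressed concretely. The following is an added example, not code from gremllm or from the post: it vets each LLM-generated snippet with Python's `ast` module before executing it and runs it with an emptied `__builtins__`. `validate_generated_code`, `GuardedGremlin`, `ask_llm_stub`, `FORBIDDEN_NAMES` and the canned responses are all constructed for this example; the stub stands in for the network call to a real model, and the checks are a policy filter rather than a sandbox.

```python
import ast

# Constructed denylist of builtins whose bare use in generated code is refused.
FORBIDDEN_NAMES = {
    "eval", "exec", "compile", "open", "__import__", "getattr", "setattr",
    "delattr", "globals", "locals", "vars", "breakpoint",
}


def validate_generated_code(src: str) -> list[str]:
    """Return the policy violations found in an LLM-generated Python snippet.

    An empty list means the snippet passed every structural check: no imports,
    no dunder attribute access, no reflective or I/O builtins. This is a static
    filter, not a sandbox; it narrows what a snippet can reach, nothing more.
    """
    try:
        tree = ast.parse(src, mode="exec")
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]

    violations = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            violations.append("import statement")
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            violations.append(f"dunder attribute access: {node.attr}")
        elif isinstance(node, ast.Name) and node.id in FORBIDDEN_NAMES:
            violations.append(f"forbidden name: {node.id}")
    return violations


class GuardedGremlin:
    """Constructed stand-in for a gremllm-style object with a vetting step.

    `ask_llm(identity, method, args, kwargs)` is a hypothetical callable that
    returns Python source; the generated code must leave its return value in
    the local name `result`.
    """

    def __init__(self, identity, ask_llm):
        self._identity = identity
        self._context = {}
        self._ask_llm = ask_llm

    def __getattr__(self, name):
        if name.startswith("_"):  # never synthesize private/dunder attributes
            raise AttributeError(name)

        def method(*args, **kwargs):
            src = self._ask_llm(self._identity, name, args, kwargs)
            problems = validate_generated_code(src)
            if problems:
                raise PermissionError(f"rejected code for {name}(): {problems}")
            # Empty __builtins__ removes the default builtins from the snippet.
            scope = {"self": self, "args": args, "kwargs": kwargs,
                     "result": None, "__builtins__": {}}
            exec(compile(src, f"<llm:{name}>", "exec"), scope)
            return scope["result"]

        return method


# Constructed canned "model output", keyed by method name, so the example runs
# offline. The last entry is the kind of snippet the filter exists to stop.
CANNED_RESPONSES = {
    "increment": (
        "self._context['value'] = self._context.get('value', 0) + 1\n"
        "result = self._context['value']"
    ),
    "to_roman_numerals": (
        "n = self._context.get('value', 0)\n"
        "pairs = [(1000,'M'),(900,'CM'),(500,'D'),(400,'CD'),(100,'C'),(90,'XC'),\n"
        "         (50,'L'),(40,'XL'),(10,'X'),(9,'IX'),(5,'V'),(4,'IV'),(1,'I')]\n"
        "out = ''\n"
        "for v, s in pairs:\n"
        "    while n >= v:\n"
        "        out += s\n"
        "        n -= v\n"
        "result = out"
    ),
    "reset_everything": "self.__dict__.clear()\nresult = True",
}


def ask_llm_stub(identity, method, args, kwargs):
    return CANNED_RESPONSES.get(method, "result = None")


def demo() -> dict:
    """Run the counter scenario from the post through the guarded object."""
    counter = GuardedGremlin("counter", ask_llm_stub)
    counter._context["value"] = 5
    out = {"increment": counter.increment(), "roman": counter.to_roman_numerals()}
    try:
        counter.reset_everything()
        out["rejected"] = False
    except PermissionError:
        out["rejected"] = True
    return out


if __name__ == "__main__":
    print(demo())  # {'increment': 6, 'roman': 'VI', 'rejected': True}
```

The vetting step does not remove the non-determinism the inferences above describe; it only refuses snippets that reach outside the object's own `_context`. Logging `src` alongside the method name at the point of rejection gives the debugging trail that the "hidden debugging cost" point says is otherwise missing.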