registry  /  @hallaxius/nim-booster  /  1.0.4

@hallaxius/nim-booster@1.0.4

OpenCode plugin that boosts NVIDIA NIM providers with health-score rotation, adaptive throttling, and webshare.io proxy rotation.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time lifecycle registers this package into OpenCode config and creates a package config file. This is an agent extension lifecycle risk, but inspection did not confirm foreign agent hijack, credential exfiltration, or remote code execution.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall or user-invoked booster init; runtime OpenCode plugin events
Impact
Unprompted OpenCode config mutation; runtime may rotate local provider keys and optionally route fetches through Webshare when configured
Mechanism
lifecycle OpenCode plugin registration and runtime key/proxy rotation
Policy narrative
On install, postinstall runs the CLI init path, which resolves the OpenCode config directory and adds @hallaxius/nim-booster to opencode.json and tui.json, then writes a default nim-booster config. At runtime, the OpenCode plugin reacts to session errors, rotates locally saved provider keys, and can use Webshare proxy APIs if the user configures a token.
Rationale
The package has unprompted lifecycle mutation of an OpenCode control surface, so it is not clean. Because the writes are package-aligned within the OpenCode namespace and no exfiltration, RCE, persistence outside that platform, or foreign agent hijack was found, warn rather than block.
Evidence
package.jsondist/bin.jsdist/config-installer.jsdist/config.jsdist/server.jsdist/key-store.jsdist/proxy/store.jsdist/proxy/fetch-patch.js<opencode configDir>/opencode.json<opencode configDir>/tui.json<opencode configDir>/nim-booster/config.json<opencode dataDir>/auth.json<opencode dataDir>/keys/
Network endpoints3
proxy.webshare.io/api/v2/proxy/list/proxy.webshare.io/api/v2/proxy/list/refresh/p.webshare.io

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall: node dist/bin.js init
  • dist/bin.js init calls updateOpenCodeConfigs without user prompt
  • dist/config-installer.js writes opencode.json and tui.json plugin entries
  • dist/config-installer.js creates nim-booster/config.json defaults under OpenCode config dir
Evidence against
  • package declares oc-plugin server/tui and behavior is OpenCode plugin-aligned
  • No child_process, eval, dynamic require, native/binary loading found
  • Webshare network calls require configured token/proxy and are package-aligned
  • Credential handling stores provider keys locally under OpenCode paths; no exfil endpoint found
Behavioral surface
Source
CryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 29 file(s), 120 KB of source, external domains: opencode.ai, proxy.webshare.io

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node dist/bin.js init 2>/dev/null || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node dist/bin.js init 2>/dev/null || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings