AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package uses an npm postinstall hook to register itself into the user's OpenCode configuration. This lifecycle-triggered AI-agent control-surface mutation occurs without an interactive consent gate.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install of @hallaxius/nim-booster@1.0.5
Impact
Unconsented activation of package-supplied OpenCode server/TUI plugin in the user's agent environment.
Mechanism
postinstall self-registration into OpenCode plugin configs
Policy narrative
On installation, npm runs the package postinstall command `node dist/bin.js init`. That CLI path calls `updateOpenCodeConfigs`, creates the OpenCode config directory, adds `@hallaxius/nim-booster` to both `opencode.json` and `tui.json`, and writes a default `nim-booster/config.json`. This registers package code into an AI-agent plugin surface as an install side effect rather than an explicit user-invoked setup step.
Rationale
Static source inspection confirms unconsented lifecycle-time mutation of a broad OpenCode AI-agent control surface, which is blockable under the install-control-surface policy. The proxy and key-management functionality appears package-aligned, but it does not mitigate the postinstall registration behavior.
Evidence
package.jsondist/bin.jsdist/config-installer.jsdist/opencode-runtime-paths.jsdist/proxy/store.jsdist/proxy/health.jsdist/config.js<opencode config dir>/opencode.json<opencode config dir>/tui.json<opencode config dir>/nim-booster/config.json
Network endpoints4
proxy.webshare.io/api/v2/proxy/list/proxy.webshare.io/api/v2/proxy/list/refresh/ipv4.webshare.io:443p.webshare.io
Decision evidence
public snapshotAI called this Malicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
- package.json postinstall runs `node dist/bin.js init` during npm install.
- dist/bin.js `init` calls updateOpenCodeConfigs without an interactive consent gate.
- dist/config-installer.js creates/modifies OpenCode `opencode.json` and `tui.json` plugin arrays to add `@hallaxius/nim-booster`.
- dist/config-installer.js also writes `nim-booster/config.json` under the OpenCode config directory.
- dist/config-installer.js resolves the default target from OPENCODE_CONFIG_DIR or the user OpenCode config directory.
Evidence against
- No child_process, eval/vm/Function, native binary loading, or obfuscated payload found in inspected files.
- Network use is package-aligned Webshare proxy API access and proxy health checks, gated by configured token/proxy settings.
- Credential handling stores user-provided OpenCode keys and Webshare token locally under OpenCode config/data paths.
- No evidence of credential exfiltration, destructive filesystem behavior, or persistence outside OpenCode config/data paths.
Behavioral surface
CryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node dist/bin.js init 2>/dev/null || true
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node dist/bin.js init 2>/dev/null || true
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings