AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time lifecycle code mutates OpenCode user/home and project control/config surfaces without an explicit user command. It registers this package as an OpenCode server/TUI plugin and creates booster config files.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install of @hallaxius/nim-booster@1.0.9
Impact
Package becomes registered in OpenCode configs and project config is dropped during dependency installation, altering a foreign/broad agent control surface.
Mechanism
unconsented npm postinstall AI-agent/plugin config mutation
Policy narrative
On npm install, the postinstall runs the CLI init routines. Those routines create or edit OpenCode config files under the user's opencode config directory, append @hallaxius/nim-booster to server/TUI plugin arrays, create a package config, and create a project booster.json. That is lifecycle-triggered registration into an AI-agent/plugin surface, not merely an explicit user-invoked setup command.
Rationale
Although the plugin functionality and Webshare endpoints are product-aligned, npm lifecycle execution unconditionally registers the package into OpenCode user/home configs and drops project config. Under the install-control-surface policy, unconsented lifecycle mutation of a foreign/broad AI-agent control surface is blockable.
Evidence
package.jsondist/bin.jsdist/config-installer.jsdist/opencode-runtime-paths.jsdist/proxy/store.jsdist/cli/proxy-test.js~/.config/opencode/opencode.json~/.config/opencode/tui.json~/.config/opencode/nim-booster/config.jsonbooster.json
Network endpoints4
proxy.webshare.io/api/v2/proxy/list/proxy.webshare.io/api/v2/proxy/list/refresh/p.webshare.ioipv4.webshare.io:443
Decision evidence
public snapshotAI called this Malicious at 95.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
- package.json defines postinstall: node dist/bin.js init; node dist/bin.js init-project.
- dist/bin.js init calls updateOpenCodeConfigs; init-project calls writeProjectBoosterConfig on project root/current cwd.
- dist/config-installer.js writes/updates opencode.json and tui.json plugin arrays with @hallaxius/nim-booster.
- dist/config-installer.js writes default ~/.config/opencode/nim-booster/config.json and project booster.json during lifecycle.
- dist/opencode-runtime-paths.js resolves configDir under user home/AppData/XDG opencode directory.
Evidence against
- No child_process, eval/vm/Function, native binary, or obfuscated staged payload found in inspected entrypoints.
- Network code is package-aligned Webshare proxy API use and appears gated by runtime proxy configuration.
- README.md documents that postinstall modifies OpenCode configs and creates project config.
Behavioral surface
CryptoEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node dist/bin.js init 2>/dev/null; node dist/bin.js init-project 2>/dev/null || true
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node dist/bin.js init 2>/dev/null; node dist/bin.js init-project 2>/dev/null || true
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings