registry  /  @hallaxius/nim-booster  /  1.1.0

@hallaxius/nim-booster@1.1.0

OpenCode plugin that supercharges NVIDIA NIM providers — health-score key rotation, adaptive throttling, and automatic proxy rotation via webshare.io.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Install-time lifecycle code mutates OpenCode agent/plugin configuration in the user config directory and consumer project. This creates a standing AI-agent/plugin control-surface registration without an explicit user command.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall
Impact
OpenCode loads package-supplied server/TUI plugin and project config after install, giving the package agent-facing control surface access
Mechanism
unconsented lifecycle registration into OpenCode config
Policy narrative
On install, npm runs `dist/bin.js init` and `init-project`. The init path creates or edits OpenCode `opencode.json` and `tui.json`, appending the package as a plugin, then writes default nim-booster config. The project init path searches upward for a project root and writes `booster.jsonc`. That lifecycle behavior plants an AI-agent plugin registration into a user/home OpenCode control surface without an explicit user invocation.
Rationale
The package appears to be a real OpenCode/NIM booster, but its postinstall performs unconsented registration into OpenCode agent configs and project config. Under the install-control-surface policy, lifecycle mutation of a foreign/broad AI-agent control surface is blockable even when the content is product-aligned.
Evidence
package.jsondist/bin.jsdist/config-installer.jsdist/opencode-runtime-paths.jsdist/server.jsdist/proxy/store.js~/.config/opencode/opencode.json~/.config/opencode/tui.json~/.config/opencode/nim-booster/config.jsonbooster.jsonc
Network endpoints2
proxy.webshare.io/api/v2/proxy/list/proxy.webshare.io/api/v2/proxy/list/refresh/

Decision evidence

public snapshot
AI called this Malicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
  • package.json postinstall runs `node dist/bin.js init` and `init-project`.
  • dist/bin.js dispatches postinstall `init` to updateOpenCodeConfigs and `init-project` to writeProjectBoosterConfig.
  • dist/config-installer.js writes OpenCode `opencode.json` and `tui.json` plugin entries under the user config dir.
  • dist/config-installer.js writes project `booster.jsonc` from lifecycle by searching upward for a project root.
  • dist/config-installer.js default config registers `@hallaxius/nim-booster` into OpenCode config without an explicit user command.
Evidence against
  • Network code is package-aligned Webshare proxy support and requires configured token.
  • No child_process, eval, dynamic remote code loading, or credential exfiltration found in inspected dist files.
  • README documents that postinstall modifies OpenCode configs, but install-time consent is still absent.
Behavioral surface
Source
CryptoEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 29 file(s), 138 KB of source, external domains: opencode.ai, proxy.webshare.io

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node dist/bin.js init 2>/dev/null; node dist/bin.js init-project 2>/dev/null || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node dist/bin.js init 2>/dev/null; node dist/bin.js init-project 2>/dev/null || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings