AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time lifecycle code mutates OpenCode agent/plugin configuration in the user config directory and consumer project. This creates a standing AI-agent/plugin control-surface registration without an explicit user command.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall
Impact
OpenCode loads package-supplied server/TUI plugin and project config after install, giving the package agent-facing control surface access
Mechanism
unconsented lifecycle registration into OpenCode config
Policy narrative
On install, npm runs `dist/bin.js init` and `init-project`. The init path creates or edits OpenCode `opencode.json` and `tui.json`, appending the package as a plugin, then writes default nim-booster config. The project init path searches upward for a project root and writes `booster.jsonc`. That lifecycle behavior plants an AI-agent plugin registration into a user/home OpenCode control surface without an explicit user invocation.
Rationale
The package appears to be a real OpenCode/NIM booster, but its postinstall performs unconsented registration into OpenCode agent configs and project config. Under the install-control-surface policy, lifecycle mutation of a foreign/broad AI-agent control surface is blockable even when the content is product-aligned.
Evidence
package.jsondist/bin.jsdist/config-installer.jsdist/opencode-runtime-paths.jsdist/server.jsdist/proxy/store.js~/.config/opencode/opencode.json~/.config/opencode/tui.json~/.config/opencode/nim-booster/config.jsonbooster.jsonc
Network endpoints2
proxy.webshare.io/api/v2/proxy/list/proxy.webshare.io/api/v2/proxy/list/refresh/
Decision evidence
public snapshotAI called this Malicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
- package.json postinstall runs `node dist/bin.js init` and `init-project`.
- dist/bin.js dispatches postinstall `init` to updateOpenCodeConfigs and `init-project` to writeProjectBoosterConfig.
- dist/config-installer.js writes OpenCode `opencode.json` and `tui.json` plugin entries under the user config dir.
- dist/config-installer.js writes project `booster.jsonc` from lifecycle by searching upward for a project root.
- dist/config-installer.js default config registers `@hallaxius/nim-booster` into OpenCode config without an explicit user command.
Evidence against
- Network code is package-aligned Webshare proxy support and requires configured token.
- No child_process, eval, dynamic remote code loading, or credential exfiltration found in inspected dist files.
- README documents that postinstall modifies OpenCode configs, but install-time consent is still absent.
Behavioral surface
CryptoEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node dist/bin.js init 2>/dev/null; node dist/bin.js init-project 2>/dev/null || true
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node dist/bin.js init 2>/dev/null; node dist/bin.js init-project 2>/dev/null || true
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings