registry  /  @hallaxius/nim-booster  /  1.1.1

@hallaxius/nim-booster@1.1.1

OpenCode plugin that supercharges NVIDIA NIM providers — health-score key rotation, adaptive throttling, and automatic proxy rotation via webshare.io.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The package modifies OpenCode configuration during npm postinstall, adding itself as a plugin and creating booster config files. This is an unconsented lifecycle mutation of an AI agent control surface even though it matches the package theme.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install / postinstall
Impact
OpenCode may load the package plugin automatically after install, changing AI agent behavior without a separate user command.
Mechanism
install-time OpenCode plugin registration and config file creation
Policy narrative
On installation, npm runs the package postinstall script. That invokes the bundled CLI `init`, which edits OpenCode server and TUI config files to include `@hallaxius/nim-booster`, then `init-project`, which creates a project booster config. After OpenCode restarts, the package can be loaded as an OpenCode plugin and alter key/proxy rotation behavior.
Rationale
Static inspection confirms install-time writes to OpenCode control-surface configs; under the firewall policy this is blocking behavior even though the implementation otherwise appears package-aligned and documented. No separate exfiltration or destructive payload was found. Product guard normalized a concrete AI-agent control hijack publish_block to the blockable dangerous-capability shape.
Evidence
package.jsondist/bin.jsdist/config-installer.jsdist/config.jsdist/server.jsdist/proxy/store.jsdist/proxy/fetch-patch.jsREADME.md~/.config/opencode/opencode.json~/.config/opencode/tui.json~/.config/opencode/nim-booster/config.jsonbooster.jsonc
Network endpoints4
proxy.webshare.io/api/v2/proxy/list/proxy.webshare.io/api/v2/proxy/list/refresh/p.webshare.ioipv4.webshare.io

Decision evidence

public snapshot
AI called this Malicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
  • package.json postinstall runs `node dist/bin.js init` and `init-project` automatically
  • dist/bin.js dispatches install-time `init` to `updateOpenCodeConfigs` and `init-project` to `writeProjectBoosterConfig`
  • dist/config-installer.js writes OpenCode `opencode.json` and `tui.json` plugin entries for `@hallaxius/nim-booster`
  • dist/config-installer.js creates default `nim-booster/config.json` and project `booster.jsonc` without an explicit user CLI invocation
  • dist/proxy/store.js contacts `https://proxy.webshare.io/api/v2/proxy/list/` only when proxy features are configured
Evidence against
  • No child_process, eval, dynamic code loading, or obfuscated payload found in inspected dist files
  • Network access is package-aligned Webshare proxy API and gated by configured token/proxy use
  • No evidence of credential exfiltration; tokens/keys are stored locally for the plugin feature
  • README documents the postinstall OpenCode config modification behavior
Behavioral surface
Source
CryptoEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 29 file(s), 138 KB of source, external domains: opencode.ai, proxy.webshare.io

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node dist/bin.js init; node dist/bin.js init-project; node -e 0
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node dist/bin.js init; node dist/bin.js init-project; node -e 0
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg

Findings

1 Critical1 High2 Medium3 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings