registry  /  @geeeger/ocusage  /  3.8.0

@geeeger/ocusage@3.8.0

AI client daily token usage report CLI — supports OpenCode, MiMoCode, Qoder, Claude Code, CodeWhale, and more

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The main risk is package-aligned local inspection of AI client usage stores, including Windows-only Trae process memory key extraction to decrypt a local usage database.

Static reason
No blocking static signals were detected.
Trigger
User runs ocusage with Trae selected or all clients on Windows with a Trae database present
Impact
Can read local AI usage metadata and store a recovered Trae database key locally, but no source evidence of exfiltration or install-time execution
Mechanism
Local AI usage database/log reading and Trae SQLCipher key extraction
Rationale
The memory-scanning key extraction is a real dual-use local capability, but it is aligned with the stated token-usage reporting feature and is only activated by user CLI usage, not npm install/import. With no exfiltration, persistence, destructive behavior, or agent control hijack, this is not malicious but warrants a warning rather than a block.
Evidence
package.jsoncli.mjsconfig.mjscommands/config.mjsproviders/trae.mjsproviders/helpers/trae-key-extract.mjsscripts/extract-trae-key.ps1providers/helpers/trae-crypto.mjsuser ocusage config.jsontemporary ocusage-trae-*/decrypted.db

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • providers/helpers/trae-key-extract.mjs invokes powershell.exe to scan Trae process memory for SQLCipher key candidates on Windows
  • scripts/extract-trae-key.ps1 uses OpenProcess/ReadProcessMemory/VirtualQueryEx against Trae.exe/Trae CN.exe
  • providers/trae.mjs persists recovered Trae encryption keys via setEncryptionKey
Evidence against
  • package.json has only prepare husky lifecycle, no install/postinstall hook
  • cli.mjs is a commander CLI; behavior is user-invoked through ocusage commands
  • No fetch/http/WebSocket or other exfiltration endpoints found in source
  • Provider modules read local SQLite/JSONL usage data and aggregate token counts
  • config.mjs writes only package-owned ocusage config under user config directory
  • No broad AI-agent config mutation or persistence beyond saved ocusage preferences/keys
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 24 file(s), 139 KB of source

Source & flagged code

1 flagged · loading source
scripts/extract-trae-key.ps1View file
path = scripts/extract-trae-key.ps1 kind = build_helper sizeBytes = 7116 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/extract-trae-key.ps1View on unpkg

Findings

3 Medium4 Low
MediumEnvironment Vars
MediumShips Build Helperscripts/extract-trae-key.ps1
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings