AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The main risk is package-aligned local inspection of AI client usage stores, including Windows-only Trae process memory key extraction to decrypt a local usage database.
Static reason
No blocking static signals were detected.
Trigger
User runs ocusage with Trae selected or all clients on Windows with a Trae database present
Impact
Can read local AI usage metadata and store a recovered Trae database key locally, but no source evidence of exfiltration or install-time execution
Mechanism
Local AI usage database/log reading and Trae SQLCipher key extraction
Rationale
The memory-scanning key extraction is a real dual-use local capability, but it is aligned with the stated token-usage reporting feature and is only activated by user CLI usage, not npm install/import. With no exfiltration, persistence, destructive behavior, or agent control hijack, this is not malicious but warrants a warning rather than a block.
Evidence
package.jsoncli.mjsconfig.mjscommands/config.mjsproviders/trae.mjsproviders/helpers/trae-key-extract.mjsscripts/extract-trae-key.ps1providers/helpers/trae-crypto.mjsuser ocusage config.jsontemporary ocusage-trae-*/decrypted.db
Decision evidence
public snapshotAI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- providers/helpers/trae-key-extract.mjs invokes powershell.exe to scan Trae process memory for SQLCipher key candidates on Windows
- scripts/extract-trae-key.ps1 uses OpenProcess/ReadProcessMemory/VirtualQueryEx against Trae.exe/Trae CN.exe
- providers/trae.mjs persists recovered Trae encryption keys via setEncryptionKey
Evidence against
- package.json has only prepare husky lifecycle, no install/postinstall hook
- cli.mjs is a commander CLI; behavior is user-invoked through ocusage commands
- No fetch/http/WebSocket or other exfiltration endpoints found in source
- Provider modules read local SQLite/JSONL usage data and aggregate token counts
- config.mjs writes only package-owned ocusage config under user config directory
- No broad AI-agent config mutation or persistence beyond saved ocusage preferences/keys
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemShell
HighEntropyStrings
Source & flagged code
1 flagged · loading sourcescripts/extract-trae-key.ps1View file
•path = scripts/extract-trae-key.ps1
kind = build_helper
sizeBytes = 7116
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
scripts/extract-trae-key.ps1View on unpkgFindings
3 Medium4 Low
MediumEnvironment Vars
MediumShips Build Helperscripts/extract-trae-key.ps1
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings