AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `revenium-codex setup` or `revenium-codex backfill`.
Impact
Codex telemetry and selected local usage metadata can be routed to Revenium; setup persists configuration until changed or removed.
Mechanism
User-invoked AI-agent telemetry configuration and usage export.
Rationale
No concrete malicious install-time or stealth execution chain was found. The package nevertheless explicitly persists AI-agent telemetry configuration and exports local usage data, so it warrants a warning under the agent-control policy.
Evidence
package.jsondist/codex-cli/commands/setup.jsdist/codex-cli/config/writer.jsdist/codex-cli/commands/backfill.jsdist/_core/api/otlp-client.jsdist/_core/shell/profile-updater.js~/.codex/config.toml~/.codex/revenium.env~/.codex/sessionsshell profile
Network endpoints3
api.revenium.aiapi.cursor.comapi.github.com
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `revenium-codex setup` writes an `[otel]` exporter into Codex configuration.
- Setup adds a marked shell-profile block that sources Revenium environment settings.
- Explicit `backfill` recursively reads Codex rollout JSONL files and posts derived usage records.
- OTLP requests send telemetry to the configured Revenium endpoint with an API key header.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- CLI entrypoints require explicit user command invocation before setup, sync, or backfill actions.
- Backfill parses session IDs, models, timestamps, and token counts; no prompt/content extraction was found.
- No child-process execution, eval/vm use, remote code loading, or hidden install-time behavior was found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
6 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings