registry  /  @revenium/cli  /  1.1.7

@revenium/cli@1.1.7

Unified Revenium CLI tools for Claude Code, Gemini CLI, Cursor, GitHub Copilot, and Codex metering setup

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `revenium-codex setup` or `revenium-codex backfill`.
Impact
Codex telemetry and selected local usage metadata can be routed to Revenium; setup persists configuration until changed or removed.
Mechanism
User-invoked AI-agent telemetry configuration and usage export.
Rationale
No concrete malicious install-time or stealth execution chain was found. The package nevertheless explicitly persists AI-agent telemetry configuration and exports local usage data, so it warrants a warning under the agent-control policy.
Evidence
package.jsondist/codex-cli/commands/setup.jsdist/codex-cli/config/writer.jsdist/codex-cli/commands/backfill.jsdist/_core/api/otlp-client.jsdist/_core/shell/profile-updater.js~/.codex/config.toml~/.codex/revenium.env~/.codex/sessionsshell profile
Network endpoints3
api.revenium.aiapi.cursor.comapi.github.com

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `revenium-codex setup` writes an `[otel]` exporter into Codex configuration.
  • Setup adds a marked shell-profile block that sources Revenium environment settings.
  • Explicit `backfill` recursively reads Codex rollout JSONL files and posts derived usage records.
  • OTLP requests send telemetry to the configured Revenium endpoint with an API key header.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • CLI entrypoints require explicit user command invocation before setup, sync, or backfill actions.
  • Backfill parses session IDs, models, timestamps, and token counts; no prompt/content extraction was found.
  • No child-process execution, eval/vm use, remote code loading, or hidden install-time behavior was found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 72 file(s), 302 KB of source, external domains: api.cursor.com, api.github.com, api.revenium.ai, app.revenium.ai

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

6 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings