Reivo
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Reivo appears aligned with its cost-optimization purpose, but it works by routing AI traffic through Reivo and changing Reivo account settings when you ask.
Install only if you are comfortable using Reivo as a proxy for AI API traffic. Prefer dedicated/scoped provider keys, keep REIVO_API_KEY secret, review Reivo's privacy and retention terms, and double-check budget or routing changes before asking the agent to apply them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Prompts, completions, request metadata, and routing decisions may pass through Reivo as part of normal use.
This clearly discloses that LLM API traffic is routed through Reivo before reaching OpenAI, Anthropic, or Google. That is central to the skill's purpose, but it is a sensitive data boundary.
Reivo is a transparent proxy that sits between your agent and the LLM provider.
Use Reivo only for workloads you are comfortable routing through its proxy, and review its privacy and retention terms before sending sensitive prompts.
Configured provider keys and the Reivo API key can affect AI API usage, billing, and account settings.
The artifacts disclose that provider API keys may be managed in Reivo's dashboard. This is expected for a proxy service, but it delegates access to paid model-provider accounts.
Provider keys should be managed via the dashboard for security:
Use dedicated, project-scoped provider keys for Reivo where possible, keep REIVO_API_KEY private, and revoke keys if you stop using the service.
If invoked intentionally, the skill can change or remove cost controls, which may affect future AI spending.
The command can remove a budget limit on the remote Reivo account. This is disclosed and user-directed, but it changes a spending guardrail.
await client.post('/settings', { budgetLimitUsd: null });
Confirm budget amounts and avoid clearing limits unless you are sure you want Reivo to stop enforcing that cap.
