SkillTotal

Is farion1231/cc-switch safe?

cc-switch is an AI npm_package analyzed by SkillTotal's deterministic static scanner. The scan found no malicious indicators, though 5 risky constructs are reported for review. Its capabilities are filesystem read, filesystem write and network egress; capabilities are what the code can do, not a verdict on intent. Risk score 30/100 (medium).

cc-switch 3.16.5

npm_package · https://github.com/farion1231/cc-switch
MEDIUM · 30 / 100 risk score
Snapshot · scanned Jul 3, 2026 · cc-switch@3.16.5 · engine 0.24.0 / ruleset 25
Some risk - review before installing
Notable — review in context (capabilities are not malware):
  • Defense-evasion command idiom
  • Node.js filesystem read
  • Node.js filesystem write/delete

No malicious indicators found by static analysis.

Automated static-analysis result. It can contain false positives and false negatives, and is not a claim about the intent of farion1231/cc-switch's authors.

Capabilities — what this component can do (not a risk score):
  • filesystem read
  • filesystem write
  • network egress

Findings (5)

HIGH · Defense-evasion command idiom · ST-SHELL-EVASION

A command uses a known defense-evasion idiom: PowerShell execution-policy bypass / encoded command / hidden window, macOS code-signing bypass, or launching a payload from a world-writable temp directory. These are hallmarks of droppers and rarely appear in legitimate code.

const HERMES_WINDOWS_INSTALL_COMMAND = `powershell -NoProfile -ExecutionPolicy Bypass -EncodedCommand ${powershellEncodedCommand(

Fix: Verify why the component bypasses execution policy / code signing or runs from a temp directory; these patterns are characteristic of malware staging.

MEDIUM · Server bound to all network interfaces · ST-EXPOSE-BIND

A server is bound to all network interfaces (0.0.0.0), not just your own machine.

Why it matters: Without authentication, other hosts on the network can reach it.

Fix: Bind to 127.0.0.1 for local-only use, or require authentication and restrict access if remote exposure is intended.

MEDIUM · Node.js filesystem read · ST-FS-NODE-READ

The component reads files from disk.

const svg = fs.readFileSync(path.join(OUTPUT_DIR, `${name}.svg`), 'utf-8');

Why it matters: Usually legitimate, but worth confirming it can't be steered into reading sensitive files.

Fix: Confirm which files are read and that paths cannot be influenced by untrusted input to reach sensitive locations.

MEDIUM · Node.js filesystem write/delete · ST-FS-NODE-WRITE

The component writes or deletes files on disk.

fs.writeFileSync(path.join(OUTPUT_DIR, 'index.ts'), indexContent);
fs.writeFileSync(path.join(OUTPUT_DIR, 'metadata.ts'), metadataContent);
fs.writeFileSync(path.join(OUTPUT_DIR, 'README.md'), readmeContent);
fs.unlinkSync(path.join(ICONS_DIR, `${baseName}-color.svg`));
fs.unlinkSync(path.join(ICONS_DIR, `${baseName}.svg`));

Why it matters: Usually legitimate, but worth confirming the paths can't be controlled by untrusted input.

Fix: Confirm which files are written/deleted and that paths cannot be influenced by untrusted input.

MEDIUM · Node.js network egress · ST-NET-NODE

The component makes outbound network requests.

const res = await fetch(MODELS_DEV_API_URL);

Why it matters: Usually legitimate, but confirm the destinations are expected and no sensitive data leaves.

Fix: Confirm the destination hosts are expected and that no sensitive data is sent off-host.

How we determine this: deterministic static analysis (regex + AST), evidence-anchored, no code execution.