registry  /  @youdie006/swapdex  /  0.1.2

@youdie006/swapdex@0.1.2

Switch between multiple Claude Code and Codex login accounts, locally and safely.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

The npm package is a lifecycle downloader for an unbundled native executable. Shipped JS does not itself exfiltrate data or mutate credentials, but install-time retrieval and execution path leaves the binary payload unaudited in the package source.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall, then user runs swapdex
Impact
Unreviewed release binary gains local execution and can later access Claude/Codex credential files when invoked.
Mechanism
install-time remote native binary download and CLI shim execution
Attack narrative
On install, install.js selects a platform target, downloads a tar.gz from the package author's GitHub release, extracts bin/swapdex, marks it executable, and the published bin shim later runs it. The package purpose is credential switching for Claude Code and Codex, so credential-file access is package-aligned when user-invoked, but the actual native payload is not present for static npm source review.
Rationale
Static source inspection finds no confirmed malicious JavaScript behavior, exfiltration, persistence, or unconsented AI-agent control-surface mutation. The package should be warned because it installs an unaudited remote native binary at lifecycle time for a credential-management CLI.
Evidence
package.jsoninstall.jsbin/swapdex.jsREADME.mdbin/swapdex/tmp/swapdex-${target}.tar.gz
Network endpoints1
github.com/youdie006/swapdex/releases/download/v${version}/swapdex-${target}.tar.gz

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.js
  • install.js downloads a platform tar.gz from GitHub releases during install
  • install.js extracts archive with tar and chmods bin/swapdex executable
  • bin/swapdex.js executes the downloaded native binary with user argv
  • README states the tool snapshots and swaps Claude/Codex credential files
Evidence against
  • No obfuscated JavaScript or prompt/reviewer manipulation found
  • Install URL is package-aligned: github.com/youdie006/swapdex releases
  • No credential harvesting or exfiltration logic present in shipped JS
  • Credential file writes described in README are user-invoked CLI behavior, not install-time
  • No AI-agent control-surface files are created by install.js
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.12 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings