cc-switch-cli

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation encourages users and agents to install the cc-switch-cli tool by downloading a shell script from an untrusted GitHub repository (github.com/SaladDay/cc-switch-cli) and piping it directly into a shell (curl -fsSL ... | bash). This is a high-risk pattern that allows for arbitrary remote code execution.
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute numerous system-level commands, including those requiring administrative privileges (sudo) for moving files to /usr/local/bin/ and modifying file permissions (chmod +x). It also provides commands to validate the existence of binaries within the system PATH.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of executable binaries and installation scripts from a repository belonging to an unverified user (SaladDay). These downloads include platform-specific archives (.tar.gz, .zip) containing binaries for macOS, Linux, and Windows.
  • [CREDENTIALS_UNSAFE]: The tool manages and displays sensitive authentication data. It prompts for API keys and WebDAV passwords, and specifically provides a command (cc-switch config webdav show) to display the configured WebDAV credentials, including the password in plain text. This creates a high risk of credential harvesting and exposure.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection via its community skills management feature.
      • Ingestion points: Untrusted data enters the environment through cc-switch skills install, which fetches content from a remote repository.
      • Boundary markers: None are present; there are no instructions for the agent to ignore or delimit embedded instructions within downloaded skills.
      • Capability inventory: The skill has access to the CLI tool which can perform file-write operations (skills sync), network operations (provider speedtest), and system configuration modification.
      • Sanitization: There is no mention of validation or sanitization of external content before it is registered and synchronized into the agent's environment.
Recommendations
  • HIGH: Downloads and executes remote code from: https://github.com/SaladDay/cc-switch-cli/releases/latest/download/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: May 18, 2026, 07:09 PM