npm

model-switch-router @1.5.0

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2026-4279

Ecosystem

npm

Summary

The package ships lib/trap-core.js (~1000+ lines), which combines the full exfiltration toolkit: it requires fs, os, https, and child_process; calls os.hostname() and os.platform() to fingerprint the host; uses curl and ping; and performs multiple POST requests with hostname fields in the payload bodies (lines 385, 411, 466, 548-549, 553, 600). The presence of os/host fingerprinting bound to outbound HTTPS POSTs containing hostname-keyed JSON payloads, combined with multiple child_process spawn sites and shell utilities (curl, ping), is the canonical system-information exfiltration shape. The package's name suggests an innocuous AI model-routing utility, which does not justify any of this behavior. Installing or loading this package will cause host identifiers and command output to be transmitted to attacker-controlled endpoints reachable from trap-core.js.

Source: amazon-inspector (cceb9f6f384e943e6c33c7863f39d024fbf49fbcdd26a0ee616b315b39be8a6a)
