kalopilot-sender

Warn

Audited by Socket on Apr 12, 2026

1 alert found:

Anomaly (LOW)
scripts/install.js

This code is a setup/installer that prepares a persistent runtime directory in the user’s home, deploys additional JS runtime files into it, and auto-installs npm dependencies (including pm2) when missing. The fragment itself does not show explicit malicious behavior such as data exfiltration, backdoors, reverse shells, or token reading/transmission. However, it materially increases security exposure by (1) copying runtime scripts into a persistent user location and (2) performing unpinned npm installations from external registries. The overall malware likelihood is low based on this fragment alone, but the security risk is moderate due to supply-chain and artifact-integrity uncertainty, with the largest uncertainty residing in the copied runtime scripts (wa-send.js/tg-send.js/sender.js) that are not included here.

Confidence: 60%
Severity: 55%

Audit Metadata

Analyzed At: Apr 12, 2026, 07:52 AM
Package URL: pkg:socket/skills-sh/adanghd%2Fsender-kalopilot-skill%2Fkalopilot-sender%2F@f0b243987a7e1ead3b80aaa64430cb8e721de6b9