post-scorer

SUSPICIOUS. The core purpose is coherent, and it does not show overt credential theft or unrelated access, but it relies on a community-maintained third-party Apify actor that receives account-authorised execution. Risk comes from credential forwarding and external data processing through non-first-party code, not from malware-like behaviour.