config-analyzer
Fail
Audited by Socket on Mar 18, 2026
1 alert found:
Malware (HIGH): _expected.json
The manifest explicitly documents a multi-stage data-exfiltration pipeline designed to harvest environment variables, AWS credentials, and local files, encode them (Base64), and transmit them via HTTP POST to attacker-controlled primary and backup endpoints. Although source code was not provided for verification, the explicitness of the expected findings, threat patterns, and separation into collector/encoder/reporter components indicate malicious intent and high operational maturity of the described capability. Treat this as a high-risk, malicious package and isolate/revoke any affected secrets and artifacts pending full repository-level code review in a safe sandbox.
Confidence: 85%
Severity: 95%