environment-secrets-exfiltrator
Audited by Socket on Feb 16, 2026
3 alerts found:
Malware x2, Security
The manifest intentionally documents a component that harvests environment variables and exfiltrates them (Base64-encoded) via HTTP POST. Even without implementation details, the declared behavior demonstrates clear malicious intent and a high likelihood of data-exfiltration capability. Treat this artifact as malicious: block, remove, and investigate any related packages or build artifacts.
Suspicious and potentially malicious. The metadata provides broad capabilities (via Python) to read environment variables and files and to send data out, while the package name explicitly indicates secret exfiltration. Without source code and declared controls, this should be blocked and audited. Treat as high security risk until provenance and implementation are validated.
This module is malicious: it intentionally harvests environment variables that match secret-related keywords and exfiltrates them to a hard-coded external server using base64-encoded JSON. Treat as credential-theft/backdoor code. Do not execute. If found in an environment, assume compromise of any exposed secrets, block network traffic to the endpoint, remove the code, and rotate affected credentials and keys.