dailyhot-api

This module is a service supervisor/bootstrapping script with a clear supply-chain execution risk: it dynamically performs an unpinned `npm install dailyhot-api` and then executes the resulting code. That can enable dependency poisoning/typosquatting or malicious/changed transitive dependencies to become the running service. Aside from this, the Bash wrapper shows no strong indicators of direct malware (no exfiltration/C2/credential theft in the script), but PID-file trust and weak readiness validation add operational security risk.