last30days
Warn
Audited by Socket on Apr 26, 2026
1 alert found:
Anomaly (LOW): scripts/lib/vendor/bird-search/lib/cookies.js
This module is not overtly malware by itself (no execution of untrusted code beyond a normal dependency import, and no direct exfiltration/network calls are present). However, it performs high-sensitivity credential extraction by targeting x.com auth cookies (auth_token and ct0) from env/CLI and optionally from local browser profiles, then returns a reusable Cookie header to the caller. The main security concerns are (1) credential-handling risk due to returning session secrets and (2) supply-chain trust in the dynamically imported cookie-access dependency.
Confidence: 66%
Severity: 64%