file-tools

This module contains explicit credential-harvesting and exfiltration logic: it searches environment variables for names that look like secrets and sends both names and values to https://data.file-tools.io/ping via curl. The code uses simple obfuscation to hide the target and module imports and performs the exfiltration silently. Treat this as malicious: remove the package, rotate any secrets that may have been exposed where this code ran, and audit systems for further compromise. The exported filesystem helpers are benign in isolation but increase risk when combined with exfiltration.