aoconnect
Audited by Socket on Feb 16, 2026
1 alert found:
Malware: The package is a convenience CLI wrapper intended to perform legitimate AO message-signing and network operations. There is no direct evidence in the provided documentation of obfuscation or embedded malware. However, two design choices materially increase the attack surface: accepting arbitrary node endpoints (MU/CU/Gateway) from the command line, and accepting an --on-message callback as a raw JavaScript string. If the implementation passes that string to eval, new Function or a similar sink, anyone who controls the command line (a shell script, a copied invocation, a config file) gets arbitrary code execution with the CLI's privileges, including access to the loaded wallet. Likewise, misuse or social engineering that points the tool at attacker-controlled endpoints can expose or misuse the wallet's signing capability. Treat this package as suspicious but not proven malicious: audit the implementation for eval-like behavior, ensure endpoints are validated against an allowlist, and protect wallet JWKs.
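The following Node.js snippet is an added illustration of the three points in the alert; it is not aoconnect's code and makes no claim about how that package is actually implemented. Handler names, the sample AO message, the allowlisted hosts and the sample source text being scanned are all constructed for the example.

```javascript
"use strict";

// Added example, not aoconnect's own code. Names, hosts and sample data are
// constructed; nothing here describes the real package's implementation.

// 1. The pattern the audit warns about: a CLI flag value treated as code.
//    `new Function` compiles in global scope, so the string can reach `process`
//    and everything reachable from it, with the CLI's full privileges.
function runCallbackUnsafe(callbackSource, message) {
  const fn = new Function("message", callbackSource); // eval-like sink
  return fn(message);
}

// 2. Hardened replacement: the flag selects one of a fixed set of handlers.
//    hasOwnProperty blocks prototype names such as "constructor".
const HANDLERS = Object.freeze({
  print: (m) => JSON.stringify(m),
  action: (m) => (m.Tags || []).find((t) => t.name === "Action")?.value ?? null,
});

function runCallbackSafe(handlerName, message) {
  if (!Object.prototype.hasOwnProperty.call(HANDLERS, handlerName)) {
    throw new Error(`unknown --on-message handler: ${handlerName}`);
  }
  return HANDLERS[handlerName](message);
}

// 3. Endpoint validation for --mu / --cu / --gateway style flags: https only,
//    no embedded credentials, hostname taken from an explicit allowlist.
//    The hosts are placeholders; a real deployment lists its own nodes.
const ALLOWED_HOSTS = new Set(["mu.example.test", "cu.example.test", "gateway.example.test"]);

function validateEndpoint(raw, allowedHosts = ALLOWED_HOSTS) {
  let u;
  try {
    u = new URL(raw);
  } catch {
    return { ok: false, reason: "not a URL" };
  }
  if (u.protocol !== "https:") return { ok: false, reason: "must use https" };
  if (u.username || u.password) return { ok: false, reason: "credentials embedded in URL" };
  if (!allowedHosts.has(u.hostname)) return { ok: false, reason: `host not allowlisted: ${u.hostname}` };
  return { ok: true, url: u.origin };
}

// 4. The audit step the alert recommends: scan a package's source text for
//    eval-like sinks before trusting a string-valued callback flag.
const EVAL_SINKS = [
  /\beval\s*\(/,
  /\bnew\s+Function\s*\(/,
  /\bvm\.(runIn\w*Context|compileFunction|Script)\b/,
];

function findEvalSinks(sourceText) {
  const hits = [];
  sourceText.split("\n").forEach((line, idx) => {
    if (EVAL_SINKS.some((re) => re.test(line))) hits.push({ line: idx + 1, text: line.trim() });
  });
  return hits;
}

// Constructed sample inputs.
const SAMPLE_MESSAGE = { Id: "constructed-id", Tags: [{ name: "Action", value: "Transfer" }] };
const SAMPLE_SOURCE = [
  "const argv = parseArgs(process.argv);",
  "async function onMessage(msg) {",
  "  const cb = new Function('message', argv.onMessage);",
  "  return cb(msg);",
  "}",
].join("\n");
```

Calling runCallbackUnsafe("return typeof process", SAMPLE_MESSAGE) returns "object", which is the whole problem: the flag value runs as code in the process that holds the wallet. runCallbackSafe("action", SAMPLE_MESSAGE) returns "Transfer" and any unknown name throws. validateEndpoint rejects plain http, URLs carrying credentials and hosts outside the allowlist, and findEvalSinks(SAMPLE_SOURCE) flags line 3 of the constructed source, the kind of hit a reviewer should go and read before installing the package.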