recruitment

Warn

Audited by Socket on Mar 17, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The stated recruitment purpose is plausible, but the execution path is not proportionate or trustworthy: it runs an unpinned third-party proxy, forwards the CRAFTED_API_KEY through that proxy, and sends traffic to a non-Crafted bore.pub HTTP tunnel with no TLS. This is a major install-trust and data-flow integrity failure, with clear credential exposure risk.

Confidence: 96%
Severity: 95%

Audit Metadata
Analyzed At: Mar 17, 2026, 07:06 AM
Package URL: pkg:socket/skills-sh/sundial-org%2Fawesome-openclaw-skills%2Frecruitment%2F@656572ad9852b8235edabbf377e184226effd4f8