lightx2v

Warn

Audited by Socket on Mar 11, 2026

1 alert found:

Anomaly (LOW)
scripts/lightx2v_submit_and_poll.sh

This script is a straightforward client that uploads user-specified media (or URLs) and submits tasks to a remote LightX2V API, polling for results. It does not contain obfuscated or clearly malicious code. However, it has a significant data-exfiltration capability by design: local files passed as arguments (or referenced via config) are base64-encoded and sent to the configured remote server, and stored tokens from a local config can be automatically exported and used. That behavior is expected for a cloud client but poses a security risk if users accidentally supply sensitive files or if BASE_URL/TOKEN are set to an attacker-controlled server. Recommend auditing where tokens come from, validating BASE_URL before use, and warning users about uploading sensitive files.

Confidence: 90%
Severity: 60%

Audit Metadata
Analyzed At: Mar 11, 2026, 06:40 AM
Package URL: pkg:socket/skills-sh/xinyiqin%2FX2V-AI-Images-Videos-skill%2Flightx2v%2F@77e3493e7c8a98fe2c875a9d187b030acc4725fc