Supply-chain threat intelligence
Risk score: 92
Indexed incident for workrally (npm).
dist/index.js imports child_process and runs whoami (observed at multiple call sites), then POSTs the result to a hardcoded remote URL https://workrally.qq.com. This is the classic host-identity exfiltration shape: gather installer-side identity via whoami and ship it to an attacker-controlled destination. The destination is a literal in the bundle (not a default parameter or user-configurable endpoint), and the package's stated purpose does not justify reporting host identity off-machine. Installing or loading this package leaks the installer's username/host to the operator of workrally.qq.com.
Affected versions
Indicators
Timeline