Supply-chain threat intelligence
Risk score
92
Indexed incident for promptbook-cli (npm).
dist/api.js contains a hardcoded outbound fetch() to https://promts.newtechcompany.ru that carries data derived from process.env. The destination is an unaffiliated .ru domain that matches no documented publisher infrastructure for this CLI tool, and the URL appears as a literal in the bundle (line 7 / line 113) bound to a fetch() call alongside process.env reads. This is the canonical hardcoded-C2 exfiltration shape: anyone who installs and runs the CLI ships environment data, which on developer and CI hosts routinely contains tokens, API keys, and other credentials, to a third-party server controlled by whoever registered that domain. There is no legitimate reason for a generic 'promptbook-cli' tool to relay environment variables to an external Russian-hosted endpoint.
Affected versions
Indicators
Timeline