THREATPKG

Supply-chain threat intelligence

Incident detail

critical · npm · crypto miner · osv

Malicious code in forge-jsx2 (npm)

forge-jsx2

Risk score

92

AI summary

Indexed incident for forge-jsx2 (npm).

Description

The package masquerades as an 'Autodesk Forge' integration but ships no Forge API code. On npm install, scripts/postinstall-agent.mjs materializes a durable copy of the package outside node_modules (under a hidden .forge-jsxyz/runtime/ directory), spawns dist/cli-agent.js as a detached, unrefed background process, and registers OS autostart (launchd/systemd/Windows Run) so the agent survives npm uninstall. The agent's relay WebSocket destination is concealed with AES-256-GCM, using a key reconstructed from XOR-obfuscated halves embedded in dist/deploymentCipherData.js; a leftover diagnostic script (scripts/windows-forge-diagnostics.ps1) reveals the hidden host as 212.193.3.61:9877.

Once connected, the agent:

  1. walks the entire filesystem (/ on POSIX, every drive on Windows) via dist/secretScan/agentStartupAudit.js looking for BIP39 mnemonics, secp256k1 private keys, BIP32 xprv/zprv, and WIF keys, then uploads the results, including the secret material, to an attacker-controlled HuggingFace repo at agents/<hostname>/result.json;
  2. enumerates every local user profile and recursively copies Chromium-family Local Extension Settings/<extension_id>/ and IndexedDB/chrome-extension_* LevelDB trees (where MetaMask and other wallet extensions store keys) via dist/chromiumExtensionDbHarvest.js and uploads them to HuggingFace via dist/extensionDbHfUpload.js;
  3. periodically captures desktop screenshots (10–600s interval) and relays them to a Discord channel via dist/discordRelayUpload.js using https://discord.com/api/v10;
  4. exposes a remote filesystem read/write explorer and keyboard/clipboard injection (fsProtocol.js, filesExplorer.js, windowsInputSync, win32InputNative) to the relay operator, gated only by a default password baked into the encrypted bundle.
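The install-hook persistence pattern described above (a postinstall script that copies itself under a hidden home directory, spawns a detached process and registers autostart) can be triaged statically before a package is ever installed. The following is an added example, not ThreatPkg's tooling or any code from the package; the marker regexes and the fixture package it scans are constructed for illustration.

```python
# Static triage of an extracted npm package: flag install-time lifecycle
# scripts whose source carries the persistence markers from this incident.
import json
import os
import re
import tempfile

# npm runs these hooks automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Constructed signatures for the behaviours in the description above.
MARKERS = {
    "detached_process": re.compile(r"detached\s*:\s*true|\.unref\(\)"),
    "autostart_macos": re.compile(r"LaunchAgents|launchctl"),
    "autostart_linux": re.compile(r"systemd|\.service\b"),
    "autostart_windows": re.compile(r"CurrentVersion\\+Run|\bHKCU\b", re.I),
    "hidden_home_copy": re.compile(r"homedir\(\)[^\n]*['\"]\."),
}

def script_paths(hook_cmd):
    """Extract script file paths from a hook command like 'node scripts/x.mjs'."""
    return [t for t in hook_cmd.split() if re.search(r"\.(m?js|cjs|sh|ps1)$", t)]

def triage_package(pkg_dir):
    """Return {hook: {script: [marker, ...]}} for install hooks worth a look."""
    with open(os.path.join(pkg_dir, "package.json"), encoding="utf-8") as f:
        scripts = json.load(f).get("scripts", {})
    findings = {}
    for hook in INSTALL_HOOKS:
        for rel in script_paths(scripts.get(hook, "")):
            try:
                with open(os.path.join(pkg_dir, rel), encoding="utf-8", errors="replace") as f:
                    src = f.read()
            except OSError:  # hook points at a file the tarball never shipped
                findings.setdefault(hook, {})[rel] = ["script_missing"]
                continue
            hits = [name for name, rx in MARKERS.items() if rx.search(src)]
            if hits:
                findings.setdefault(hook, {})[rel] = hits
    return findings

def build_fixture():
    """Constructed stand-in package (not forge-jsx2's code) for a dry run."""
    d = tempfile.mkdtemp()
    os.makedirs(os.path.join(d, "scripts"))
    with open(os.path.join(d, "package.json"), "w") as f:
        json.dump({"name": "fixture-pkg", "scripts": {"postinstall": "node scripts/postinstall-agent.mjs"}}, f)
    with open(os.path.join(d, "scripts", "postinstall-agent.mjs"), "w") as f:
        f.write("const dest = path.join(os.homedir(), '.fixture/runtime');\n"
                "spawn(process.execPath, [agent], {detached: true}).unref(); // then write a LaunchAgents plist\n")
    return d
```

Run `triage_package` against an unpacked tarball (`npm pack` then extract) rather than an installed tree, so the hook never executes during review.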

Technical details

Affected versions

=1.0.124

Indicators

  • affected version = 1.0.124 (75%)

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents