bot.js performs a hardcoded HTTPS GET to api.telegram.org's bot sendMessage endpoint, transmitting host fingerprint data collected via os.hostname(), os.userInfo(), and process.platform. The file also imports child_process and reads from the filesystem (fs.existsSync / fs.readFileSync) alongside the network exfiltration primitive. The destination is an attacker-operated Telegram bot, used as an exfiltration channel to siphon installer host identity and likely credential/wallet material from disk. The package name impersonates a Solana MEV trading utility to lure crypto users into running it.