Supply-chain threat intelligence
Risk score
92
Indexed incident for atlasora-utils (npm).
On npm install, the package's postinstall hook (node install.js, declared in package.json) harvests secrets from the installing machine and POSTs them to a hardcoded attacker-controlled endpoint, https://webhook.site/22e20640-e2a1-4bb2-b203-061077d055ff. Lifecycle scripts run with the installing user's privileges and without any prompt, so the same collection fires on every developer workstation and CI runner that resolves the package.

Collected data: a long list of named environment variables (COINBASE_*, OPENAI_API_KEY, AWS_ACCESS_KEY_ID and its matching secret, JWT_SECRET, PRIVATE_KEY, MNEMONIC, among others); the contents of .env, .env.local and .env.production from the current working directory and each parent directory; files under ~/.ssh/ whose content contains PRIVATE or KEY, i.e. private SSH keys; ~/.aws/credentials; ~/.npmrc, which holds npm auth tokens (a token with publish rights lets the attacker push further malicious versions under the victim's own packages); and the output of git config --list, which reveals the developer's identity and configured remotes. The source names the destination in a constant called EXFIL_SERVER and labels the operation as a collection target, so intent is not in doubt.

The package also masquerades as an internal AtlasOra package: the install-time console output prints "@atlasora/shared: installed successfully" although the published name is atlasora-utils. That mismatch between the printed scoped name and the unscoped public package is consistent with a dependency-confusion lure aimed at developers of the AtlasOra project.
Affected versions
Indicators
Timeline