No verification record available.

The evidence points towards malicious behavior. While the project on GitHub has a moderate number of stars and forks, the YARA analysis reveals a critical finding: the detection of the exec(doc.location.toString()) code within the index.cjs file. This code snippet attempts to execute the current document's location, which is a highly suspicious action. The use of exec in this context strongly suggests an attempt to execute arbitrary code, potentially downloading and running further malicious payloads or performing other harmful actions based on the current URL. The YARA rule's confidence is medium, but the nature of the detected code is extremely concerning and outweighs the lack of LLM analysis. The presence of $exec further strengthens the suspicion of malicious intent. While a single YARA match alone might be insufficient, the severity of this specific match, along with the lack of contradicting evidence from other sources, leads to the conclusion that this package is likely malicious.