american-airlines

Purpose and capabilities mostly align: it logs into AA to read loyalty data and explicitly requires the user to supply the email 2FA code. Main risk comes from unpinned automation dependencies, anti-detection tooling, sensitive session persistence, and especially the optional mutable personal Docker image that would receive AA credentials. Overall this is better classified as suspicious/high-risk tooling rather than confirmed malware.