pty-bridge

SUSPICIOUS: the capability matches the stated PTY/interactive-terminal purpose, but the install path is an unpinned GitHub-source global CLI from a personal account with weak release provenance. The main risk is supply-chain trust compounded by credential forwarding and expanded remote-shell control, not clear malicious behavior or hidden exfiltration.