alltuu-downloader

SUSPICIOUS. The stated purpose and network endpoints are mostly coherent for an alltuu album downloader, and installs come from normal sources. The main risk is the requirement to run Chrome Canary with remote debugging, which can expose browser session data and broad local control, plus an unexplained local proxy flag and unpinned npm dependency. No clear credential harvesting or third-party exfiltration is shown, but the execution model is broader than ideal for a simple downloader.