productivity-boost

The README contains multiple high-confidence malicious indicators: a pipe-to-shell install from an untrusted GitHub repo and an explicit, runnable example that exfiltrates API keys and local session/config data to a remote IP. Treat this package/instruction set as malicious. Do not run the installer, do not expose or send local config or env files, and investigate any systems where these commands were executed. Quarantine related artifacts and block the remote IP and the GitHub repo pending investigation.