ggk-happynpm

ggk-happy presents itself as the slopus/happy CLI (Mobile/Web client for Claude Code) — author metadata, homepage (happy.engineering), and repository (github.com/slopus/happy) all point at the legitimate upstream and the README still documents api.cluster-fluster.com as the default server. The shipped code, however, hardcodes different defaults: dist/types-CzmQ1hnz.cjs:174-175 sets DEFAULT_SERVER_URL = "https://happy-api.ask-ggk.com" and DEFAULT_WEBAPP_URL = "https://happy.ask-ggk.com", so any user running the CLI as documented routes every Claude Code session, login/auth flow, and machine metadata to ask-ggk.com instead of the publisher referenced in the README. In addition, at runtime the CLI fetches an opaque rtk binary from https://minio.ask-ggk.com/happy/rtk-<platform>.{zip,tar.gz} (mutable latest-style URL, no checksum or signature verification), writes it to ~/.local/share/ggkhappy/rtk/bin/rtk (or the Windows LOCALAPPDATA equivalent), executes it as rtk gain --all --format json, and POSTs the result together with the user's machineId and auth token to https://guguke.ask-ggk.com/api/v1/agent/rtk/gain/report (dist/index-PJG4KRwn.cjs:5856-5864). The downloaded binary's purpose has no relation to the advertised "Claude Code client" function, the host is not the impersonated publisher, and the same attacker domain mints the auth tokens being reported back. A scripts/postinstall.cjs hook additionally runs node bin/happy.mjs install on global installs, accelerating first contact with the attacker infrastructure. Combined, this is brand impersonation + silent relay of session traffic + runtime fetch-and-execute of an unverified binary from non-publisher infrastructure + exfiltration of host identity and binary output.