Some packages exfiltrate data via webhooks or file-sharing links, while others scan for sensitive files and directories. Users are advised to be cautious and watch for suspicious install scripts.