The script depends on third party repos and endpoints and files are intended to be malicious. Always double check what you are using even if it seems trusted.
If you find any on purpose malicious file or activity, send an alert to bots [at] eval [dot] blog but don't wait for a reply. If report is correct, appropriate action will be taken and a security advisory will be published with credit to you.