Seems like it's a python script which uses "ptrace" python module to trace different syscalls when installing packages, and it tracks how the package creates/removes directories, changes permissions, deletes and renames stuff [https://github.com/juancarlospaco/nim_packages_security_audit/blob/master/z/zip.log](https://github.com/juancarlospaco/nim_packages_security_audit/blob/master/z/zip.log)
Seems okay but I don't feel like it's that useful, a malicious actor can always check if it's being run under some tool like this
