If you are working in a shell like that you should have outbound ports locked down and a list of allowed domains set in your proxy. Add in some antivirus and password sudo check and plenty of ways to catch this
>>jabart+(OP)
Thats why i have a lexical and intermediate representative (IR) code examiner of JavaScript running as an ICAP server capturing all HTTP/HTTPS connections.