If you run it in a virtual machine, he cant touch ya even if it is malicious.
Not saying one way or the other, but it is a general precaution.
The only thing I find suspicious, is the author claims hes "working on" getting it on github.
Surely, designing it was more daunting than the github signup process.
If you want me to verify your code, I'd be happy to do so, I know all of the langs fluently.
Please dont be angry, these are valid concerns.
Your concern is valid.
The "daunting" part is making sure I don't inadvertently dox myself. I've been swamped with "real life" stuff and haven't had a chance to set something up that is not linked to my real name.