Similar for me. One was for an overly very well paid position. I always run (p)npm audit before running npm repos, so lots of issues were found. I tried to fix them but I would have gone over the time limit. So I asked the recruiter about it and if it makes sense to run it in an isolated VM. No answer...

The other was for a DevEx crypto service. While I was very suspicious the code looked okay but the recruiter was strange and changed their profile to a different person eventually. I think this was a crypto stealing scam though since it required connecting to a wallet. I don't have any crypto though, so I might be okay for now. Although reinstalling my system clean would be the only sure way in theory...