A cursory look at the code and this seems legit, nothing that would steal my login credentials. It's a small codebase.
I'm curious how long the hardcoded api key here will work, though: https://github.com/grossartig/vanmoof-encryption-key-exporte...
used in https://github.com/grossartig/vanmoof-encryption-key-exporte...
https://github.com/grossartig/vanmoof-encryption-key-exporte...
"With this tool, we want to make sure everyone can use their VanMoof even after these servers become unreachable - preventing e-waste."