You might be able to have it so that you encrypt code that does networking with GPG and have a special header for it, and in the code that is distributed have it (obfuscated of course, which would probably be caught in an audit) take the message that is decrypted from the ciphertext and run it as a script if the header is detected. Then you could completely hide any networking calls and have the code distributed look a lot more legit, although there would still be a switch that is looking for a special signal and of course the code that then runs whatever is decrypted as a script. Not a foolproof plan by any means, but it would possibly be easier to hide this than my original post of a ruby method that does networking while obfuscating IP address and port and obfuscated require of sockets, (although not the fact that TCP is being used). Still nothing that wouldn't be noticed, but to notice such a thing you would really need to know the language and again if you know the language why are you using a simple script someone else made.