Create AutoHotkey.yml #27

Open
jkerai1 wants to merge 1 commit into LOLAPPS-Project:main from jkerai1:main

jkerai1 commented Nov 17, 2024

Create AutoHotkey.yml

https://www.autohotkey.com/

@redr0nin (Collaborator)

I like where your head is at with this app, but I have a few areas of feedback:

  • Half of the references show very specific attack chains of abuse that aren't relevant to your technique reporting; I would remove these as they'd likely just confuse people.
  • With your collection technique, we don't have a category for that - we use Data Exfiltration, and your script appears to simply locally write keystrokes to a file, while your technique talks about exfiltrating it via http(s). If you want us to use this technique, you'll have to modify your GitHub PoC to walk a user through writing and utilizing the keylogging script to exfiltrate externally. In this current state there are no instructions so it's a little misleading.
  • I validated your "persistence" method, although I did a simple code execution test by making a script that simply pops calc. If you want this technique, please demonstrate/write a script that creates persistence on the machine, or demonstrates that you can execute code every time a user does "x" or the system does "x". In the current state, your steps don't discuss or prove any form of persistence. I realize that it's a given that if you can execute code, you can utilize persistence methodology - but we need to see this applied.
