@nolimit-x binary payload

Attribution basis

These are the signal classes linking the members of this campaign — the broad evidence categories we use to attribute a package, not the raw indicators themselves.

• shared malware fingerprint
• OSV advisory cluster

Sample attributed packages

• openwork-orchestrator-windows-x64@0.16.4
• @angular-go/win32-x64@1.0.34
• @superdoc-dev/sdk-windows-x64@1.16.1
• @superdoc-dev/cli-windows-x64@0.17.1
• @phosphor-tools/cli-windows-x64@0.1.0-dev.pr47.7
• even-pf-windows-x64@0.4.2
• amae-win32-x64@0.1.2
• amae-win32-x64@0.1.0
• @azure/mcp-win32-x64@3.0.0-beta.18
• @azure/mcp-win32-x64@3.0.0-beta.17
• @azure/mcp-win32-arm64@3.0.0-beta.18
• git-userhub@3.0.6
• git-userhub-windows-x64@3.0.6
• @microsoft/powerbi-modeling-mcp-win32-x64@0.5.0-beta.7
• @microsoft/powerbi-modeling-mcp-win32-x64@0.5.0-beta.10
• @microsoft/powerbi-modeling-mcp-win32-arm64@0.5.0-beta.7
• @microsoft/powerbi-modeling-mcp-win32-arm64@0.5.0-beta.10
• openwork-orchestrator-windows-x64@0.16.3
• @superdoc-dev/sdk-windows-x64@1.16.0
• forgecli-ai@0.9.0
• @go-hare/claude-code@2.6.16
• @tianma-ai/tmcode@1.18.2
• tianma-ai@1.18.1
• @tianma-ai/tmcode@1.18.0
• @tianma-ai/tmcode@1.18.1
• @go-hare/claude-code@2.6.15
• aicopilot-ai@1.16.2
• @omniaibot/win-x64@1.4.0
• @sleep2agi/tmcode@1.17.4
• @sleep2agi/tmcode@1.18.0

PkgRadar attributes coordinated supply-chain campaigns and blocks their packages at the CI gate. Start free or see all tracked campaigns.