PyPI · pypi.org

clawbench-eval

Known Indicator Filename: clawbench_eval-0.6.0/src/clawbench/runtime/chrome-extension/stealth.js

Why PkgRadar flagged 0.6.0

Severity	Signal	Evidence
high	Known Indicator Filename	clawbench_eval-0.6.0/src/clawbench/runtime/chrome-extension/stealth.js · clawbench_eval-0.6.0/src/clawbench/runtime/chrome-extension/stealth.js
high	Credential File Packaged	clawbench_eval-0.6.0/.env · clawbench_eval-0.6.0/.env
high	Py Runtime Base64 Decode	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · clawbench_eval-0.6.0/src/clawbench/runtime/extension-server/server.py
medium	Remote Payload	matched "curl " · clawbench_eval-0.6.0/src/clawbench/runtime/harnesses/base/entrypoint.sh
medium	Remote Payload	matched "curl " · clawbench_eval-0.6.0/src/clawbench/runtime/harnesses/browser-use/run-browser-use.sh
medium	Remote Payload	matched "curl " · clawbench_eval-0.6.0/src/clawbench/runtime/harnesses/claude-code/run-claude-code.sh
medium	Remote Payload	matched "curl " · clawbench_eval-0.6.0/src/clawbench/runtime/harnesses/claw-code/run-claw-code.sh
medium	Remote Payload	matched "curl " · clawbench_eval-0.6.0/src/clawbench/runtime/harnesses/codex/run-codex.sh
medium	Remote Payload	matched "curl " · clawbench_eval-0.6.0/src/clawbench/runtime/harnesses/harbor/run-harbor.sh
medium	Remote Payload	matched "curl " · clawbench_eval-0.6.0/src/clawbench/runtime/harnesses/hermes/run-hermes.sh
medium	Remote Payload	matched "curl " · clawbench_eval-0.6.0/src/clawbench/runtime/harnesses/openclaw/run-openclaw.sh
medium	Remote Payload	matched "curl " · clawbench_eval-0.6.0/src/clawbench/runtime/harnesses/opencode/run-opencode.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.6.0`	High risk	160	2026-06-05

Block this in CI

PkgRadar gates clawbench-eval (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi clawbench-eval==0.6.0

Start free — 25 scans / mo View full evidence