PkgRadar

PyPI · pypi.org

keepercommander

Clipboard Crypto Steal: clipboard access library paired with cryptocurrency seed/key patterns

Why PkgRadar flagged 18.0.8

SeveritySignalEvidence
highClipboard Crypto Stealclipboard access library paired with cryptocurrency seed/key patterns · keepercommander-18.0.8/keepercommander/commands/connect.py
highClipboard Crypto Stealclipboard access library paired with cryptocurrency seed/key patterns · keepercommander-18.0.8/keepercommander/commands/pam_launch/launch.py
highClipboard Crypto Stealclipboard access library paired with cryptocurrency seed/key patterns · keepercommander-18.0.8/keepercommander/commands/utils.py
highWebhook Exfil Endpointmatched "ngrok.app" · keepercommander-18.0.8/keepercommander/service/util/tunneling.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · keepercommander-18.0.8/keepercommander/biometric/platforms/macos/keychain.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · keepercommander-18.0.8/keepercommander/utils.py
mediumCredential file accessmatched ".ssh/" · keepercommander-18.0.8/keepercommander/plugins/sshkey/sshkey.py

Scanned versions

VersionVerdictScoreScanned (UTC)
18.0.8High risk742026-06-13
18.0.7Review592026-06-07
18.0.6Review592026-06-06
18.0.5Review592026-06-05
18.0.4Review662026-05-27

Campaign attribution

Part of the Bittensor clipboard stealer campaign.

Block this in CI

PkgRadar gates keepercommander (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi keepercommander==18.0.8
Start free — 25 scans / moView full evidence