PyPI · pypi.org

plugin-scanner

Clipboard Crypto Steal: clipboard access library paired with cryptocurrency seed/key patterns

Why PkgRadar flagged 2.0.762

Severity	Signal	Evidence
high	Clipboard Crypto Steal	clipboard access library paired with cryptocurrency seed/key patterns · plugin_scanner-2.0.762/src/codex_plugin_scanner/guard/runtime/false_positive_rules.py
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · plugin_scanner-2.0.762/src/codex_plugin_scanner/checks/operational_security.py
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · plugin_scanner-2.0.762/src/codex_plugin_scanner/guard/local_supply_chain.py
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · plugin_scanner-2.0.762/src/codex_plugin_scanner/guard/shim_probe.py
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · plugin_scanner-2.0.762/src/codex_plugin_scanner/guard/shims.py
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · plugin_scanner-2.0.762/src/codex_plugin_scanner/guard/cli/commands_support_interaction.py
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · plugin_scanner-2.0.762/src/codex_plugin_scanner/guard/cli/commands_support_runtime_policy.py
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · plugin_scanner-2.0.762/src/codex_plugin_scanner/guard/runtime/mcp_protection.py
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · plugin_scanner-2.0.762/src/codex_plugin_scanner/guard/runtime/mcp_skill_firewall.py
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · plugin_scanner-2.0.762/src/codex_plugin_scanner/guard/runtime/package_intent_parser.py
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · plugin_scanner-2.0.762/src/codex_plugin_scanner/guard/runtime/package_manifest_diff.py
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · plugin_scanner-2.0.762/src/codex_plugin_scanner/guard/runtime/skill_protection.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.0.762`	High risk	360	2026-06-17
`2.0.761`	High risk	360	2026-06-17
`2.0.760`	High risk	360	2026-06-17
`2.0.759`	High risk	360	2026-06-17
`2.0.758`	High risk	360	2026-06-16
`2.0.757`	High risk	360	2026-06-16
`2.0.756`	High risk	360	2026-06-16
`2.0.755`	High risk	360	2026-06-16
`2.0.754`	High risk	360	2026-06-16
`2.0.753`	High risk	360	2026-06-16
`2.0.752`	High risk	360	2026-06-16
`2.0.751`	High risk	360	2026-06-16
`2.0.750`	High risk	310	2026-06-16
`2.0.749`	High risk	310	2026-06-16
`2.0.748`	High risk	310	2026-06-16
`2.0.747`	High risk	310	2026-06-16
`2.0.746`	High risk	310	2026-06-16
`2.0.745`	High risk	310	2026-06-16
`2.0.744`	High risk	310	2026-06-16
`2.0.743`	High risk	310	2026-06-16
`2.0.742`	High risk	310	2026-06-16
`2.0.741`	High risk	310	2026-06-16
`2.0.740`	High risk	310	2026-06-16
`2.0.739`	High risk	310	2026-06-16
`2.0.738`	High risk	310	2026-06-16
`2.0.737`	High risk	310	2026-06-16
`2.0.736`	High risk	310	2026-06-16
`2.0.735`	High risk	310	2026-06-15
`2.0.734`	High risk	310	2026-06-15
`2.0.733`	High risk	310	2026-06-15
`2.0.732`	High risk	310	2026-06-15
`2.0.731`	High risk	310	2026-06-15
`2.0.730`	High risk	310	2026-06-15
`2.0.729`	High risk	310	2026-06-15
`2.0.728`	High risk	310	2026-06-15
`2.0.727`	High risk	310	2026-06-15
`2.0.726`	High risk	310	2026-06-15
`2.0.725`	High risk	310	2026-06-15
`2.0.724`	High risk	310	2026-06-15
`2.0.723`	High risk	310	2026-06-15
`2.0.722`	High risk	310	2026-06-15
`2.0.721`	High risk	310	2026-06-15
`2.0.720`	High risk	310	2026-06-15
`2.0.719`	High risk	310	2026-06-15
`2.0.718`	High risk	310	2026-06-15
`2.0.717`	High risk	310	2026-06-15
`2.0.716`	High risk	310	2026-06-15
`2.0.715`	High risk	310	2026-06-15
`2.0.714`	High risk	310	2026-06-15
`2.0.713`	High risk	310	2026-06-15
`2.0.712`	High risk	310	2026-06-15
`2.0.711`	High risk	310	2026-06-15
`2.0.710`	High risk	310	2026-06-15
`2.0.709`	High risk	310	2026-06-15
`2.0.708`	High risk	310	2026-06-15
`2.0.707`	High risk	310	2026-06-15
`2.0.706`	High risk	310	2026-06-15
`2.0.705`	High risk	310	2026-06-15
`2.0.704`	High risk	310	2026-06-15
`2.0.703`	High risk	310	2026-06-15
`2.0.702`	High risk	310	2026-06-15
`2.0.701`	High risk	310	2026-06-15
`2.0.700`	High risk	310	2026-06-15
`2.0.699`	High risk	310	2026-06-15
`2.0.698`	High risk	310	2026-06-15
`2.0.697`	High risk	310	2026-06-15
`2.0.696`	High risk	310	2026-06-15
`2.0.695`	High risk	310	2026-06-14
`2.0.694`	High risk	310	2026-06-14
`2.0.693`	High risk	310	2026-06-14
`2.0.692`	High risk	310	2026-06-14
`2.0.691`	High risk	310	2026-06-14
`2.0.690`	High risk	310	2026-06-14
`2.0.689`	High risk	310	2026-06-14
`2.0.688`	High risk	310	2026-06-14
`2.0.687`	High risk	310	2026-06-14
`2.0.686`	High risk	310	2026-06-14
`2.0.685`	High risk	310	2026-06-14
`2.0.684`	High risk	310	2026-06-14
`2.0.683`	High risk	310	2026-06-14
`2.0.682`	High risk	310	2026-06-14
`2.0.681`	High risk	310	2026-06-14
`2.0.680`	High risk	310	2026-06-14
`2.0.679`	High risk	310	2026-06-14
`2.0.678`	High risk	310	2026-06-14
`2.0.677`	High risk	310	2026-06-14
`2.0.676`	High risk	310	2026-06-14
`2.0.675`	High risk	310	2026-06-14
`2.0.674`	High risk	310	2026-06-14
`2.0.673`	High risk	310	2026-06-14
`2.0.672`	High risk	310	2026-06-14
`2.0.671`	High risk	310	2026-06-14
`2.0.670`	High risk	310	2026-06-14
`2.0.669`	High risk	310	2026-06-14
`2.0.668`	High risk	310	2026-06-14
`2.0.667`	High risk	310	2026-06-14
`2.0.666`	High risk	310	2026-06-14
`2.0.665`	High risk	310	2026-06-13
`2.0.664`	High risk	310	2026-06-13
`2.0.663`	High risk	310	2026-06-13
`2.0.662`	High risk	310	2026-06-13
`2.0.661`	High risk	310	2026-06-13
`2.0.660`	High risk	310	2026-06-13
`2.0.659`	High risk	310	2026-06-13
`2.0.658`	High risk	310	2026-06-13
`2.0.657`	High risk	310	2026-06-13
`2.0.656`	High risk	310	2026-06-13
`2.0.655`	High risk	310	2026-06-13
`2.0.654`	High risk	310	2026-06-13
`2.0.653`	High risk	310	2026-06-13
`2.0.652`	High risk	310	2026-06-13
`2.0.651`	High risk	310	2026-06-13
`2.0.650`	High risk	310	2026-06-13
`2.0.649`	High risk	310	2026-06-13
`2.0.648`	High risk	310	2026-06-13
`2.0.647`	High risk	310	2026-06-13
`2.0.646`	High risk	310	2026-06-13
`2.0.645`	High risk	310	2026-06-13
`2.0.644`	High risk	310	2026-06-13
`2.0.643`	High risk	310	2026-06-13
`2.0.642`	High risk	310	2026-06-13
`2.0.641`	High risk	310	2026-06-13
`2.0.640`	High risk	310	2026-06-13
`2.0.639`	High risk	310	2026-06-13
`2.0.638`	High risk	310	2026-06-12
`2.0.637`	High risk	310	2026-06-12
`2.0.636`	High risk	310	2026-06-12
`2.0.635`	High risk	310	2026-06-12
`2.0.634`	High risk	310	2026-06-12
`2.0.633`	High risk	310	2026-06-12
`2.0.632`	High risk	310	2026-06-12
`2.0.631`	High risk	310	2026-06-12
`2.0.630`	High risk	310	2026-06-12
`2.0.629`	High risk	310	2026-06-12
`2.0.628`	High risk	310	2026-06-12
`2.0.627`	High risk	310	2026-06-12
`2.0.626`	High risk	310	2026-06-12
`2.0.625`	High risk	310	2026-06-12
`2.0.624`	High risk	310	2026-06-12
`2.0.623`	High risk	310	2026-06-12
`2.0.622`	High risk	310	2026-06-12
`2.0.621`	High risk	310	2026-06-12
`2.0.620`	High risk	310	2026-06-12
`2.0.619`	High risk	310	2026-06-12
`2.0.618`	High risk	310	2026-06-12
`2.0.617`	High risk	310	2026-06-12
`2.0.616`	High risk	310	2026-06-12
`2.0.615`	High risk	310	2026-06-12
`2.0.614`	High risk	310	2026-06-12
`2.0.613`	High risk	310	2026-06-12
`2.0.612`	High risk	310	2026-06-12
`2.0.611`	High risk	310	2026-06-12
`2.0.610`	High risk	310	2026-06-12
`2.0.609`	High risk	310	2026-06-12
`2.0.608`	High risk	310	2026-06-12
`2.0.607`	High risk	310	2026-06-12
`2.0.606`	High risk	310	2026-06-12
`2.0.605`	High risk	310	2026-06-12
`2.0.604`	High risk	310	2026-06-12
`2.0.603`	High risk	310	2026-06-12
`2.0.602`	High risk	310	2026-06-11
`2.0.601`	High risk	310	2026-06-11
`2.0.600`	High risk	310	2026-06-11
`2.0.599`	High risk	310	2026-06-11
`2.0.598`	High risk	310	2026-06-11
`2.0.597`	High risk	310	2026-06-11
`2.0.596`	High risk	310	2026-06-11
`2.0.595`	High risk	310	2026-06-11
`2.0.594`	High risk	310	2026-06-11
`2.0.593`	High risk	310	2026-06-11
`2.0.592`	High risk	310	2026-06-11
`2.0.591`	High risk	310	2026-06-11
`2.0.590`	High risk	310	2026-06-11
`2.0.589`	High risk	310	2026-06-11
`2.0.588`	High risk	310	2026-06-11
`2.0.587`	High risk	310	2026-06-11
`2.0.586`	High risk	310	2026-06-11
`2.0.585`	High risk	310	2026-06-11
`2.0.584`	High risk	310	2026-06-11
`1.2.25`	High risk	310	2026-06-11
`1`	High risk	310	2026-06-11
`2.0.583`	High risk	310	2026-06-11
`2.0.582`	High risk	310	2026-06-11
`2.0.581`	High risk	310	2026-06-11
`2.0.580`	High risk	310	2026-06-11
`2.0.579`	High risk	310	2026-06-11
`2.0.578`	High risk	310	2026-06-11
`2.0.577`	High risk	310	2026-06-11
`2.0.576`	High risk	310	2026-06-10
`2.0.575`	High risk	310	2026-06-10
`2.0.574`	High risk	310	2026-06-10
`2.0.573`	High risk	310	2026-06-10
`2.0.572`	High risk	310	2026-06-10
`2.0.571`	High risk	310	2026-06-10
`2.0.570`	High risk	310	2026-06-10
`2.0.569`	High risk	310	2026-06-10
`2.0.568`	High risk	310	2026-06-10
`2.0.567`	High risk	310	2026-06-10
`2.0.566`	High risk	310	2026-06-10
`2.0.565`	High risk	310	2026-06-10

Campaign attribution

Part of the Bittensor clipboard stealer campaign.

Block this in CI

PkgRadar gates plugin-scanner (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi plugin-scanner==2.0.762

Start free — 25 scans / mo View full evidence