PkgRadar

PyPI · pypi.org

tinybird

Clipboard Crypto Steal: clipboard access library paired with cryptocurrency seed/key patterns

Why PkgRadar flagged 4.6.0

SeveritySignalEvidence
highClipboard Crypto Stealclipboard access library paired with cryptocurrency seed/key patterns · tinybird-4.6.0/tinybird/tb/modules/common.py
highClipboard Crypto Stealclipboard access library paired with cryptocurrency seed/key patterns · tinybird-4.6.0/tinybird/tb_cli_modules/common.py

Scanned versions

VersionVerdictScoreScanned (UTC)
4.6.0High risk272026-06-12
4.6.1.dev0High risk272026-06-12
4.5.12.dev0Review22026-06-02
4.5.11Review22026-06-02
4.5.10Review22026-06-01
4.5.11.dev0Review22026-06-01

Campaign attribution

Part of the Bittensor clipboard stealer campaign.

Block this in CI

PkgRadar gates tinybird (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi tinybird==4.6.0
Start free — 25 scans / moView full evidence