Static pattern: clipboard-access — 1 caught | Cremit

AUTO-PUBLISHED/pypi/12h ago

pipeline-check@1.1.0

by Daniel Martin

CI/CD Security Posture Scanner — scores AWS, Terraform, CloudFormation, GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines, Jenkins, CircleCI, Google Cloud Build, Buildkite, Drone CI, Tekton, Argo Workflows, Dockerfile, Kubernetes manifests, Helm charts, OCI image manifests, SCM repo posture (GitHub / GitLab / Bitbucket), npm and pypi dependency files against OWASP Top 10 CI/CD Risks and 14 other compliance frameworks

steals →npm tokenGitHub PATGitLab PATAI API keys

py-pip-install-runtimereads-github-tokensreads-gitlab-tokensreads-ai-api-keysreads-env-varsreads-homedirchild-process-spawnpy-sys-platform-branch+14

→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.

weekly

431

/wk

llm verdict

malicious 0.96

h-score

patterns

size

1.7 MB

versions

AUTO-PUBLISHED/npm/2024-10-28/MAL-2026-4118

@antv/xflow@2.2.4

by newbyvector

[English (US)](README.md) | 简体中文

public-github-pushclipboard-access

→ 의심 전송지 없음, 원격 실행 형태 없음 — 15 known-vendor host(s).

weekly

—

/wk

llm verdict

benign 0.85

h-score

patterns

size

4.1 MB

versions

103

AUTO-PUBLISHED/npm/2023-04-06/MAL-2026-4119

@antv/xflow-core@1.0.55

by newbyvector

## Getting Started

clipboard-access

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

weekly

32K

/wk

llm verdict

benign 0.85

h-score

patterns

size

2.9 MB

versions

AUTO-PUBLISHED/npm/2026-03-18/MAL-2026-3839

@antv/x6@3.1.7

by gaofuhong

JavaScript diagramming library that uses SVG and HTML for rendering

public-github-pushclipboard-access

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

weekly

—

/wk

llm verdict

benign 0.85

h-score

patterns

size

8.2 MB

versions

426

AUTO-PUBLISHED/npm/2023-04-12/MAL-2026-4101

@antv/x6-plugin-clipboard@2.1.6

by newbyvector

clipboard plugin for X6

→ sends tohttps://x6.antv.antgroup.com/tutorial/plugins/clipboard

public-github-pushclipboard-access

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).

weekly

—

/wk

llm verdict

benign 0.85

h-score

patterns

size

60.9 KB

versions

AUTO-PUBLISHED/npm/2026-01-31/MAL-2026-4087

@antv/t8@0.3.0

by atool

T8 is a text visualization solution for unstructured data within the AntV technology stack, and it is a declarative T8 markdown syntax that can be used to describe the content of data interpretation reports.

clipboard-access

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

weekly

—

/wk

llm verdict

benign 0.85

h-score

patterns

size

780.5 KB

versions

AUTO-PUBLISHED/npm/2d ago/MAL-2026-4077

@antv/s2@2.7.1

by GitHub Actions

effective spreadsheet render core lib

→ sends tohttps://s2.antv.antgroup.com

public-github-pushclipboard-accessreads-env-vars

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).

weekly

7.7K

/wk

llm verdict

benign 0.85

h-score

patterns

size

14.8 MB

versions

336

AUTO-PUBLISHED/npm/2022-11-14/MAL-2026-4074

@antv/narrative-text-vis@0.3.16

by bbsqq

React component of interactive narrative text

reads-env-varschild-process-spawnclipboard-access

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

weekly

—

/wk

llm verdict

benign 0.85

h-score

patterns

size

3.9 MB

versions

AUTO-PUBLISHED/npm/2024-03-29/MAL-2026-4039

@antv/l7-editor@1.1.13

by yanxiong

Geographic data editing tool based on L7

install-path-npm-publishclipboard-accesseval-dynamicfunction-constructor

weekly

/wk

h-score

patterns

size

1.0 MB

versions

AUTO-PUBLISHED/npm/2023-09-06/MAL-2026-4010

@antv/gi-assets-xlab@0.1.30

by kopiluwaky

A G6VP asset for X-lab.

→ sends tohttps://github.com/X-lab2017/gi-assets-xlab#readme

public-github-pushclipboard-access

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).

weekly

—

/wk

llm verdict

benign 0.85

h-score

patterns

size

3.0 MB

versions

AUTO-PUBLISHED/npm/2024-08-06/MAL-2026-3838

@antv/gi-assets-advance@2.5.22

by iaaron

G6VP 高级资产包

clipboard-access

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

weekly

—

/wk

llm verdict

benign 0.85

h-score

patterns

size

7.9 MB

versions

AUTO-PUBLISHED/npm/2017-12-15/MAL-2026-3974

@antv/g2-brush@0.0.2

by simaq

Select a one-, two-dimensional or irregular region using the mouse.

→ sends tohttps://zenorocha.github.io/clipboard.js

reads-env-varsclipboard-accessfunction-constructorchild-process-spawnreads-homedir

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

weekly

—

/wk

llm verdict

benign 0.85

h-score

patterns

versions

AUTO-PUBLISHED/npm/2024-05-09/MAL-2026-3854

@antv/ava-react@3.3.2

by bbsqq

React components of AVA.

→ sends tohttps://github.com/facebook/regenerator/blob/main/LICENSE

clipboard-access

→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).

weekly

208

/wk

llm verdict

benign 0.85

h-score

patterns

size

2.2 MB

versions