py-clob-clients @0.1.8
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2026-3220
Ecosystem
pypi
Summary
Package exfiltrates env variables from .env files. It's a typosquatting of a legitimate package and is used in a malicious GitHub repository

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-py-clob-clients

Reasons (based on the campaign):

- typosquatting
- crypto-related
- exfiltration-env-variables
- action-hidden-in-lib-usage
- The malicious code is intentionally included in a dependency of the package
Source: kam193 (7136140b365c314a42f5efe300779f093c40a41fb5c2258c7f5ff05c88eba2f8)