OpenSourceMalware currently lists proxyclaw-mcp-server as malicious under record:
e3f80a07-5f4f-492a-9ba5-f7f6c80ca806
This is a false positive. We have requested that OSM either provide the exact private payload indicator/evidence or remove/reclassify the record.
Package
Reproducible build evidence
Current PyPI artifacts are reproducibly built from public source. A clean local rebuild produced artifacts matching PyPI exactly:
- Wheel hash matches PyPI:
3f81959d...
- Sdist hash matches PyPI:
1180d6bb...
Static review evidence
Static review found:
- No install hooks
- No shell execution
- No obfuscation
- No credential exfiltration
- Runtime secret access is limited to
IPLOOP_API_KEY
Request to OpenSourceMalware
Please provide the private payload indicator/evidence for this classification, or remove/reclassify the record.
OpenSourceMalware currently lists
proxyclaw-mcp-serveras malicious under record:e3f80a07-5f4f-492a-9ba5-f7f6c80ca806This is a false positive. We have requested that OSM either provide the exact private payload indicator/evidence or remove/reclassify the record.
Package
proxyclaw-mcp-serverd40264bReproducible build evidence
Current PyPI artifacts are reproducibly built from public source. A clean local rebuild produced artifacts matching PyPI exactly:
3f81959d...1180d6bb...Static review evidence
Static review found:
IPLOOP_API_KEYRequest to OpenSourceMalware
Please provide the private payload indicator/evidence for this classification, or remove/reclassify the record.