Skip to content

HIGHLY_SUSPICIOUS (1) campaign cataloged at 2026-02-20(2).

  1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-02-claude-code-plugins-v1

Packages most likely impersonate Anthropic and provide plugins for Claude Code, also cloning the official README. However, no malicious content has been found at the time of analysis.

Abuse categories

impersonation

Campaign uses impersonation.

llm-threat

Malicious activity is designed against large language models, like e.g. prompt injection.

Packages in the campaign

campaign:2026-02-claude-code-plugins-v1