Malicious package

crw (PyPI)

Malicious code in crw (PyPI). Remove it immediately and rotate any exposed credentials.

MAL-2026-4746
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
pip uninstall crw

What this malware does

Package 'crw' impersonates the Firecrawl SDK: it declares 'firecrawl' as a keyword, replicates Firecrawl's client surface (CrwClient.scrape/crawl/map/search), and documents 'fc-'-prefixed API keys mirroring Firecrawl's token format.

The client's default API endpoint is https://fastcrw.com/api, a lookalike of firecrawl.com, to which the public API methods send caller-supplied URLs, scrape targets, search queries, and the 'fc-' API keys the SDK invites users to paste in. Publisher metadata is placeholder-shaped ('us/crw' on GitHub, homepage us.github.io/crw), inconsistent with a legitimate Firecrawl-compatible client.

Additionally, src/crw/_binary.py fetches a platform binary from github.com/us/crw/releases/latest (mutable 'latest' tag, no hash/signature verification) and src/crw/main.py hands it to os.execvp when the user runs the CLI or constructs CrwClient in subprocess mode; this is an unpinned dropper from the same placeholder publisher.

Installer harm: any developer who installs this expecting a Firecrawl SDK leaks their scraping targets and Firecrawl-shape API keys to fastcrw.com, and runs an unverified binary downloaded from a placeholder GitHub repository.

Malicious versions

3 flagged
0.8.3, 0.9.1, 0.13.0

Indicators of compromise (SHA-256)

4324181416ad15727c0f51a30b56858c42fad99b93635922494acfe4c0f5d597
c9b6dac5c19689e242fb3d2db64c56dd56f9e30a6659470bbe772bedce064999
fd9956fe265474018b0cf87616c1ebea7f1a1ca292bb9acf37bd41cb52663849
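
A triage check for the versions and hashes listed above, added here as an example; it is not part of the original advisory or any vendor tooling. It assumes the SHA-256 values are hashes of package artifact files (for example in a pip cache or internal mirror) and that dependencies are pinned in requirements.txt style; the function names are hypothetical.

```python
import hashlib
import re
from importlib import metadata
from pathlib import Path

# Values copied from this advisory (MAL-2026-4746).
FLAGGED_VERSIONS = {"0.8.3", "0.9.1", "0.13.0"}
IOC_SHA256 = {
    "4324181416ad15727c0f51a30b56858c42fad99b93635922494acfe4c0f5d597",
    "c9b6dac5c19689e242fb3d2db64c56dd56f9e30a6659470bbe772bedce064999",
    "fd9956fe265474018b0cf87616c1ebea7f1a1ca292bb9acf37bd41cb52663849",
}
# name, optional [extras], optional ==version; the full name is captured so
# similarly named packages ("crwlr", "my-crw") are never reported.
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?:==\s*([^\s;#,]+))?")

def find_crw_pins(requirements_text):
    """Return (line_no, version_or_None, flagged) for every requirement on 'crw'."""
    hits = []
    for n, line in enumerate(requirements_text.splitlines(), 1):
        m = _REQ.match(line)
        # PEP 503 name normalisation before comparing
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "crw":
            continue
        version = m.group(2)
        hits.append((n, version, version in FLAGGED_VERSIONS))
    return hits

def installed_crw_version():
    """Version of 'crw' in the running interpreter's environment, or None."""
    try:
        return metadata.version("crw")
    except metadata.PackageNotFoundError:
        return None

def files_matching_iocs(root, iocs=IOC_SHA256):
    """Hash every regular file under root; return paths whose SHA-256 is an IoC."""
    matches = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and hashlib.sha256(p.read_bytes()).hexdigest() in iocs:
            matches.append(p)
    return matches

if __name__ == "__main__":
    sample = "requests==2.32.3\ncrw==0.9.1\n"  # constructed sample input
    print(find_crw_pins(sample), installed_crw_version())
```

Any hit on the name is worth acting on, since the advisory says not to keep the package in the dependency tree at all; the `flagged` field only marks exact pins to the three listed versions.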

Frequently asked questions

No. crw on PyPI has been identified as a malicious package (versions 0.8.3, 0.9.1, 0.13.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-003271, IN-MAL-2026-003263, IN-MAL-2026-005805

Credits

  • Amazon Inspector · finder

crw (PyPI) malicious package — MAL-2026-4746 | O3 Security