diff --git a/guarddog/analyzer/sourcecode/clipboard-search.yml b/guarddog/analyzer/sourcecode/clipboard-search.yml
new file mode 100644
index 00000000..7ead06e1
--- /dev/null
+++ b/guarddog/analyzer/sourcecode/clipboard-search.yml
@@ -0,0 +1,10 @@
+rules:
+ - id: clipboard-search
+ languages:
+ - python
+ message: This package has a potential misuse of pyperclip.paste()
+ metadata:
+ description: Identify when the 'pyperclip.paste()' command is executed
+ patterns:
+ - pattern: pyperclip.paste()
+ severity: WARNING
\ No newline at end of file
diff --git a/tests/analyzer/sourcecode/clipboard-search.py b/tests/analyzer/sourcecode/clipboard-search.py
new file mode 100644
index 00000000..bbb8fd2c
--- /dev/null
+++ b/tests/analyzer/sourcecode/clipboard-search.py
@@ -0,0 +1,22 @@
+""" Tests for clipboard-search rule
+
+ RULEID cases:
+ - KEWK malware
+ No Clear OK cases
+"""
+
+ """ RULEID: KEWK malware
+"""
+pyperclip.copy('The text to be copied to the clipboard.')
+# ruleid: download-executable
+clipboard_data = pyperclip.paste()
+if re.search('^[13][a-km-zA-HJ-NP-21-9]{25, 34}$', clipboard_data):
+ if clipboard_data not in [self.address_btc, self.address_eth, self.address_xchain]:
+ if self.address_btc != "none":
+ pyperclip.copy(self.address_btc)
+ # ruleid: download-executable
+ pyperclip.paste()
+if re.search('^Ox[a-fA-FO-9](40)$', clipboard_data):
+ pyperclip.copy(self.address_eth)
+ # ruleid: download-executable
+ pyperclip-paste()
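Review bot: The rule's `description` only restates what the pattern matches, not why a clipboard read is suspicious, so a triager cannot distinguish a legitimate clipboard utility from the wallet-address-swapping behaviour the test fixture models; suggest `description: Identify when 'pyperclip.paste()' is executed. Reading clipboard contents is a common building block of clipboard-hijacking packages (e.g. swapping wallet addresses), so any package that reads the clipboard should be reviewed.` The single pattern `pyperclip.paste()` leans on Semgrep's Python import resolution to also catch `import pyperclip as pc; pc.paste()` and `from pyperclip import paste; paste()`; that resolution is, as far as I know, supported for Python, but each form deserves its own fixture case so a regression is caught. The file also ends without a trailing newline (`\ No newline at end of file`), which most linters flag.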
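Review bot: Every `# ruleid:` annotation in the fixture names `download-executable` instead of the rule this file is meant to test, so a harness that keys expected findings on the rule id will not exercise `clipboard-search` at all; each should read `# ruleid: clipboard-search`. The final line `pyperclip-paste()` is a subtraction expression rather than a call, so the pattern `pyperclip.paste()` cannot match it despite the annotation above it — it should be `pyperclip.paste()`. The module docstring itself says there are no OK cases; adding at least one `# ok: clipboard-search` line (for example a bare `pyperclip.copy(...)` with no read) would guard against the rule over-matching. The regexes look transcription-garbled (`O-9`, `(40)`, `NP-2`) and `re`, `pyperclip` and `self` are never bound, which is harmless for a Semgrep fixture that is never executed, but a one-line comment in the docstring stating that the file is not meant to run would save the next reader from "fixing" it.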