This is a malware plugin

Potential users need to be aware that this plugin’s current implementation of JavaScript-based crypto-mining is considered malware by most users, web hosts, cloud security services, and anti-virus apps.

It is also breaking the WordPress plugin developer guidelines (no. 7) by loading a script from a third-party domain. All scripts have to be loaded from the website itself:

Images and scripts should be loaded locally as part of the plugin whenever possible. If external data (such as blocklists) is required, their inclusion must be made clear to the user.

This is enqueuing a JavaScript file directly from coin-hive.com, which allows them to run code from their site on yours. This is also a security risk, as it allows a number of security exploits. The script enqueued directly is: https://coin-hive.com/lib/coinhive.min.js

Right now we’re testing out a few of these crypto miner JavaScript plugins because of the rash of these types of scripts popping up on sites, and the risks they pose to site owners and visitors.

Most people do not want to have their browsers hijacked for mining cryptocurrency, especially without warning or an option to opt out. It can cause their CPU usage to spike drastically.

Cloudflare and many web hosts are kicking off users who run these types of scripts because they are considered malware when there is no transparency to the site visitor.
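A static check for the pattern this post describes, a plugin enqueuing a script from a third-party host, written as an added example that is not part of the original post or the plugin's code. The PHP sample is constructed, and `external_scripts` and `site_host` are hypothetical names.

```python
import re
from urllib.parse import urlparse

# Matches wp_enqueue_script()/wp_register_script() calls whose second
# argument (the script source) is a quoted string literal.
ENQUEUE_RE = re.compile(
    r"""wp_(?:enqueue|register)_script\s*\(\s*
        (['"])[^'"]*\1\s*,\s*        # first argument: the script handle
        (['"])(?P<src>[^'"]+)\2      # second argument: the source URL
    """,
    re.VERBOSE,
)

# Constructed sample, not the plugin's actual source.
SAMPLE_PLUGIN = r'''<?php
// Constructed sample for the scanner below.
function miner_scripts() {
    wp_enqueue_script( 'miner-lib', 'https://coin-hive.com/lib/coinhive.min.js' );
    wp_enqueue_script( 'miner-init', plugins_url( 'js/init.js', __FILE__ ) );
    wp_register_script( 'cdn-lib', "//cdn.example.net/lib.js", array(), null );
}
add_action( 'wp_enqueue_scripts', 'miner_scripts' );
'''


def external_scripts(php_source, site_host):
    """Return (line, host, url) for each script enqueued from another host."""
    findings = []
    for m in ENQUEUE_RE.finditer(php_source):
        src = m.group("src")
        # urlparse also resolves protocol-relative URLs (//host/path);
        # relative paths have no hostname and are treated as local.
        host = urlparse(src).hostname
        if host and host.lower() != site_host.lower():
            line = php_source.count("\n", 0, m.start()) + 1
            findings.append((line, host, src))
    return findings


if __name__ == "__main__":
    # site_host is an assumed value for the site under review.
    for line, host, url in external_scripts(SAMPLE_PLUGIN, "example.org"):
        print(f"line {line}: script loaded from {host}: {url}")
```

The check only sees URLs written as string literals; a source built at runtime (concatenation, options, remote config) needs a review of the rendered page's script tags instead.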

