Compromised npm package silently installs OpenClaw on developer machines

Compromised npm package silently installs OpenClaw on developer machines

Briefly

"Researchers have discovered that a compromised npm publish token pushed an update for the widely-used Cline command line interface (CLI) containing a malicious postinstall script. That script installs the wildly popular, but increasingly condemned, agentic application OpenClaw on the unsuspecting user's machine. This can be extremely dangerous, as OpenClaw has broad system access and deep integrations with messaging platforms including WhatsApp, Telegram, Slack, Discord, iMessage, Teams, and others."

"According to research by security platform Socket, the script was live for eight hours on the registry. It should be emphasized that, in this case, OpenClaw wasn't inherently malicious. However, it does represent yet another chapter in OpenClaw's shaky security saga, and situations like this could earn it 'potentially unwanted application' (PUA) status. "I mean, they effectively turned OpenClaw into malware that EDR [endpoint detection and response ] isn't going to stop," said David Shipley of Beauceron Security. It is "deviously, terrifyingly brilliant.""

"OpenClaw (formerly Clawdbot and Moltbot) is a free, open-source, autonomous AI agent that launched on January 29 and almost immediately went viral. According to its developer, Peter Steinberger, its repo had more than 2 million visitors over the course of a single week, and it's estimated that it has been downloaded 720,000 times a week. OpenClaw runs locally on a user's hardware rather than in the cloud, and can perform autonomous, real-world actions on their behalf, such as reading emails, browsing web pages, running apps, or managing calendars."