SlowMist: Beware of a malicious npm package named "@openclaw-ai/openclawai"

PA一线
PA一线

PANews reported on March 10 that SlowMist issued a warning about a malicious npm package called "@openclaw-ai/openclawai". This package masquerades as a legitimate command-line tool called OpenClaw Installe, deploying a multi-layered attack chain to steal system credentials, encrypted wallet private keys, browser data, SSH keys, Apple Keychain databases, and other information.

Share to:

Author: PA一线

This content is for market information only and is not investment advice.

Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANews
Recommended Reading
PA一线

PA一线

Tongyi Qwen3.6-35B-A3B is an open-source application that focuses on low-cost agent programming and multimodal reasoning.
The Round Trip

The Round Trip1 authors

Interview with the founder of Nansen: From tracking the past to predicting the future, how does AI define "Smart Money 2.0"?
MyToken

MyToken

谁才是OpenClaw真正的最强代理?23项真实任务测评榜单发布
活动集

活动集

Industry experts gathered to discuss reflections and breakthroughs in the era of AI Agents.
PA一线

PA一线

360 recently discovered three vulnerabilities in OpenClaw, including one high-risk and two medium-risk ones.
PA一线

PA一线

OpenClaw responds to Anthropic's subscription rule adjustment: Other subscription services such as API Key or MiniMax can be used.

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe
PANews App
24/7 blockchain news tracking and in-depth analysis.
Download PANews App
App StoreGoogle Play
PANews APP
Mango attacker Avi Eisenberg's address has reappeared on-chain activity, leading to community speculation that he may be returning to the crypto market.
PANews Newsflash