MAL-2026-4386

Import Source: https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@elvatis_com/openclaw-cli-bridge-elvatis/MAL-2026-4386.json
JSON Data: https://api.osv.dev/v1/vulns/MAL-2026-4386
Withdrawn: 2026-05-26T21:28:12Z
Published: 2026-05-20T19:35:49Z
Modified: 2026-05-27T00:31:54.694355696Z
Summary: Malicious code in @elvatis_com/openclaw-cli-bridge-elvatis (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (8ea4d389a7d7fc1ab1598f69441105d1ebe696d9d5d351f805644bded733fe7e)

When the OpenClaw gateway loads this plugin and starts its proxy server, code paths in dist/index.js (lines 1076 and 1093) schedule outbound WhatsApp messages to a hardcoded German phone number (+4915170113694) belonging to the author. Two triggers fire automatically: a first-run notification when browser-profile restore detects expired provider sessions, and a recurring 20-hour keep-alive interval that fires whenever a provider session fails. Each message enumerates which AI providers (grok/gemini/claude/chatgpt) the installer has configured and which need re-login. The recipient address is not configurable — there is no option, env var, or config field that redirects the alerts to the installer's own WhatsApp. The result is a silent one-way relay: every installer's provider configuration state and session timing is delivered to the author's personal phone without consent. Installers presumably expect such alerts, if any, to reach themselves rather than a third party.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "8ea4d389a7d7fc1ab1598f69441105d1ebe696d9d5d351f805644bded733fe7e",
            "id": "IN-MAL-2026-003604",
            "source": "amazon-inspector",
            "modified_time": "2026-05-20T19:35:49Z",
            "versions": [
                "3.11.4"
            ],
            "import_time": "2026-05-26T05:50:56.886236358Z"
        }
    ]
}

Affected packages

npm / @elvatis_com/openclaw-cli-bridge-elvatis

Package

Name: @elvatis_com/openclaw-cli-bridge-elvatis
Purl: pkg:npm/%40elvatis_com%2Fopenclaw-cli-bridge-elvatis


Affected versions

3.*
3.11.4

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/@elvatis_com/openclaw-cli-bridge-elvatis/MAL-2026-4386.json"
cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
indicators
{
    "evidence_files": [
        {
            "tlsh": "adc3933a24bf123479b3e06dab2b21136729b0073644d868769db3146fcd05d8af6bf5",
            "sha256": "df4e6ff7d9a45d1c6b2f4779f73e1e621d9b2e5a65cc3f360fe4ec5a0499650c",
            "path": "dist/index.js"
        }
    ],
    "package_integrity": [
        {
            "filename": "openclaw-cli-bridge-elvatis-3.11.4.tgz",
            "hashes": {
                "sha1": "4857f037b56f0910a41f57589e8d33dba6d3f263",
                "sha512_sri": "sha512-N4mlYSpPJE1OdRE3hUZjmkf6ltSJ+gWK3WXkrj1vjslHDLsWTVCzYChqC0bc1fg1nMM6NCUOlR+mZVSoiLlfQQ=="
            }
        }
    ]
}