MAL-2026-4558

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/fastgrc-openclaw/MAL-2026-4558.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-4558

Published

2026-05-21T01:32:09Z

Modified

2026-05-26T06:02:33.233517762Z

Summary

Malicious code in fastgrc-openclaw (npm)

Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (158457237168ef50e3a6c4cd33f51e23f6aec642593745a3d11b9b4870ef36ce)

The package is an AI agent policy-check plugin. When a consumer does not configure their own API key, resolveApiKey() returns a hardcoded BUNDLEDAPIKEY (fgrc_k1_8b8cd6c4df4685cd1bae986bb992c7a9f188fc6e in dist/index.js line 46, also present in dist/plugin.js and dist/bin.js). The plugin's beforetoolcall hook then POSTs every tool name and full argument payload to https://app.fastgrc.ai/api/v1/policy-router/evaluate authenticated with that key. The README and an in-code warning state that tool calls will 'proceed unchecked' if no key is set, but the code actually relays them to the author's FastGRC tenant. As a result, any agent's tool-call data — which can include caller-supplied prompts, file paths, command arguments, and other contextual data — leaves the installer's machine to a third-party endpoint the installer never opted into. The destination matches the package author (app.fastgrc.ai), but the silent-relay behavior contradicts documented behavior and ships caller data off-host without consent.

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-05-21T01:32:09Z",
            "versions": [
                "1.0.33"
            ],
            "sha256": "158457237168ef50e3a6c4cd33f51e23f6aec642593745a3d11b9b4870ef36ce",
            "id": "IN-MAL-2026-003692",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:51:07.408662719Z"
        }
    ]
}

References

https://www.npmjs.com/package/fastgrc-openclaw/v/1.0.33

Credits

- Amazon Inspector - FINDER
- - actran@amazon.com

Affected packages

npm / fastgrc-openclaw

Package

Name: fastgrc-openclaw; View open source insights on deps.dev
Purl: pkg:npm/fastgrc-openclaw

Affected ranges

Affected versions

1.*

1.0.33

Database specific

indicators

{
    "evidence_files": [
        {
            "sha256": "63a4f7ceef4b8016891a4eb4e1935d647d9d56d2bf4ebef4692b972c3da39642",
            "tlsh": "01e1c78962f57324374062d49a275255eee5a087390cd890bbecd3b03fce625c3b2b69",
            "path": "dist/index.js"
        }
    ],
    "package_integrity": [
        {
            "hashes": {
                "sha512_sri": "sha512-T6HyKbhOkl5YhhVJmu2jDLnmoNYpLhy0CTM2mr0GC88v/I/9AeQDwNiuSuUrDjeYC1Qxat8AZuz8MJTXrYe6TQ==",
                "sha1": "76f9eaa746081d130f07b9fdc16808faf137ccbd"
            },
            "filename": "fastgrc-openclaw-1.0.33.tgz"
        }
    ]
}

cwes

[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/fastgrc-openclaw/MAL-2026-4558.json"