MAL-2026-5751
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/oh-my-ashclaw/MAL-2026-5751.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-5751
- Published
- 2026-06-13T20:59:00Z
- Modified
- 2026-06-13T21:46:45.576278020Z
- Summary
- Malicious code in oh-my-ashclaw (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (daf0a5a6234cbf55718057017cbe143ab41ad1aaf7964ebfaab6dfe12703b005)
On
npm install, the package's postinstall hook.prepare.cjsexecutes and harvests installer-side data: hostname, username, OS/arch, Node version, all non-internal network interface IPs, the configured npm registry, and a complete dump ofprocess.env(filtered only to dropnpm_lifecycle*keys). This payload is HTTPS POSTed in Lark message format toopen.larksuite.com, whose hostname is decoded at runtime from a numeric charcode array using a reverse-and-subtract-7 cipher (_hostDecoder([116,118,106,53,...])→open.larksuite.com); the URL path is separately XOR-decoded with keyZk9x. Cover-story comments label the script 'Build Environment Telemetry'. The full env dump captures any developer/CI secrets present in the shell (GITHUB_TOKEN,NPM_TOKEN,AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY, cloud provider keys, internal URLs, arbitrary CI variables). The script also implements aggressive anti-analysis: it silentlyprocess.exit(0)s when it detects honeypot env vars (PYPI_POISON_HONEY_TOKEN,PYPI_POISON_AUDIT_LOG_NODE,PP_ARTIFACT_SHA256,THREAT_ANALYZER_MODEL,ASPECT_TLOG,MUADDIB_GVISOR), sandbox env-var prefixes (SANDYCLAW_,OPENCLAW_,PERMISO_,CHAINRADAR_),NODE_OPTIONSinjecting-r, specific test AWS keys, hostnames matchingdetonat|cuckoo|virus|scan|chainradar, sandbox usernames,HOMEcontainingopenclaw, and CI count >=3. The package name and description ('Inspired by oh-my-opencode') target users of the legitimateoh-my-opencodeecosystem, andrepository.urlis the placeholdergit+https://github.com/your-repo/oh-my-ashclaw.git. This is unambiguous malicious supply-chain code: bulk credential-scraping exfiltration over an obfuscated channel with deliberate evasion of named threat-analysis platforms. - Database specific
{ "malicious-packages-origins": [ { "id": "IN-MAL-2026-006395", "versions": [ "4.11.2" ], "sha256": "1eea8d9a73fc4dce5669cb1b347d083ea5defb353006a5bf7321fdcc36ae3bff", "source": "amazon-inspector", "modified_time": "2026-06-13T20:59:01Z", "import_time": "2026-06-13T21:32:33.073857491Z" }, { "id": "IN-MAL-2026-006394", "versions": [ "4.11.2" ], "sha256": "daf0a5a6234cbf55718057017cbe143ab41ad1aaf7964ebfaab6dfe12703b005", "source": "amazon-inspector", "modified_time": "2026-06-13T20:59:00Z", "import_time": "2026-06-13T21:32:33.028078715Z" } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
Affected packages
npm / oh-my-ashclaw
Package
- Name
- oh-my-ashclaw
- View open source insights on deps.dev
- Purl
- pkg:npm/oh-my-ashclaw
Database specific
cwes
[
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
}
]
indicators
{
"evidence_files": [
{
"path": ".prepare.cjs",
"sha256": "d17157828b17732d1577bf74528962b924d57f28f238f5df8fe3c31411ae84a4",
"tlsh": "ade131ced3a11ae5ab5108a3841e750a58b8c1231d2d92d8bcd4c2d77ff5b7056aa3fc"
},
{
"path": "package.json",
"sha256": "6fea38e545b146c37bf21b8810e101ceb457fac7d056d5383b0fae95e45c11c0",
"tlsh": "6081fb34dc26ceb31bc418a279749251f1659467ce59f803b3caa26d0f8d19f21bba2d"
}
],
"package_integrity": [
{
"filename": "oh-my-ashclaw-4.11.2.tgz",
"hashes": {
"sha512_sri": "sha512-2yfuJEQKlHVmIdkihvYl5NSTQUD8ZHcsB9xA6GQHLGc6wsPnFHqRZjL1cOfqjEoy5ZchjYBVcn2jKtfP5ao+Eg==",
"sha1": "4e45a9652fb125518d31d9fcbe51e151682c7568"
}
}
],
"ips": [
"140.82.114.3"
],
"domains": [
"github.com"
]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/oh-my-ashclaw/MAL-2026-5751.json"