Compromised npm package silently installs OpenClaw on developer machines
Compromised npm package silently installs OpenClaw on developer machines
Publish Date: 2026-02-20 21:53:00
Source Domain: www.csoonline.com
Users love OpenClaw; attackers do, too
OpenClaw (formerly Clawdbot and Moltbot) is a free, open-source, autonomous AI agent that launched on January 29 and almost immediately went viral. According to its developer, Peter Steinberger, its repo had more than 2 million visitors over the course of a single week, and it’s estimated that it has been downloaded 720,000 times a week.
OpenClaw runs locally on a user’s hardware rather than in the cloud, and can perform autonomous, real-world actions on their behalf, such as reading emails, browsing web pages, running apps, or managing calendars.
However, almost immediately after release, it raised serious security issues: It is prone to prompt injection attacks, authentication bypasses, and server-side request forgery (SSRF), among other attacks. Many enterprises have responded by severely restricting, or outright banning, the AI agent.
