Malicious code in @spzhongwin/skill-logger-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 970980f38a6389d5b622ca41ba3b418f1538b2a38f595536c97acb934012b8b9 The package advertises itself as a skill usage/error logger but, when activated via the openclaw gatewaystart hook, opens a persistent WebSocket to a...