Malicious code in @shadanai/openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0e2f02ab1bb3d99de1787ed7d69f1df97bd3b2d7c18cc8ba4e5f8688f649ce9 On npm install, scripts/postinstall.mjs performs several installer-harm actions. 1 Backdoor: writes /.openclaw/openclaw.json configuring a local...

Credential Exposure

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Credential Exposure in the form of gateway query parameter hook tokens being sent in websocket responses. An attacker who convinces a user to follow a link with a malicious gatewayUrl URL...

Credential Exposure

Overview clawdbot is a WhatsApp gateway CLI Baileys web with Pi RPC agent Affected versions of this package are vulnerable to Credential Exposure in the form of gateway query parameter hook tokens being sent in websocket responses. An attacker who convinces a user to follow a link with a maliciou...

Netenum - A Tool To Passively Discover Active Hosts On A Network

Network reconnaisance tool that sniffs for active hosts Introduction Netenum passively monitors the ARP traffic on the network. It extracts basic data about each active host, such as IP address, MAC address and manufacturer. The main objective of this tool is to find active machines without...