SlowMist: Be aware of the malicious versions 1.14.1 / 0.30.4 of axios and the risk of exposing npm global installation history for OpenClaw.

ME News update, March 31 (UTC+8), as of March 31, 2026, publicly available intelligence shows that axios@1.14.1 and axios@0.30.4 have both been confirmed as malicious versions. Both have been injected with an additional dependency, plain-crypto-js@4.2.1. This dependency can deliver cross-platform malicious payloads via a postinstall script. The impact of this incident on OpenClaw needs to be judged by scenario: 1) Source build scenario: not affected. The actual lock file for v2026.3.28 locks axios@1.13.5 / 1.13.6 and does not hit the malicious versions. 2) npm install -g openclaw@2026.3.28 scenario: there is a historical exposure risk. The reason is that the dependency chain contains: openclaw -> @line/bot-sdk@10.6.0 -> optionalDependencies.axios@^1.7.4. During the time window when the malicious versions are still live online, axios@1.14.1 may be resolved. 3) Current reinstallation result: npm has reverted resolution to axios@1.14.0, but for environments in which installation occurred within the attack window, it is still recommended to treat them as an affected scenario and check for IoCs. In addition, SlowMist advises that if the plain-crypto-js directory is found, even if its package.json has been cleaned up, it should be treated as a high-risk execution trace. For hosts that executed npm install or npm install -g openclaw@2026.3.28 within the attack window, it is recommended to immediately rotate credentials and conduct host-side investigations. (Source: ODAILY)