SlowMist: Be aware of the malicious versions 1.14.1 / 0.30.4 of axios and the risk of exposing npm global installation history for OpenClaw.

ME News announcement, March 31 (UTC+8). As of March 31, 2026, publicly available intelligence shows that axios@1.14.1 and axios@0.30.4 have been confirmed as malicious versions. Both have been injected with an additional dependency plain-crypto-js@4.2.1, which can deliver cross-platform malicious payloads via a postinstall script. The impact of this incident on OpenClaw needs to be judged by scenario: 1) Source build scenario: not affected. The v2026.3.28 lockfile actually locks axios@1.13.5 / 1.13.6, which does not hit the malicious versions. 2) npm install -g openclaw@2026.3.28 scenario: there is a historical exposure risk. The reason is that the dependency chain includes: openclaw -> @line/bot-sdk@10.6.0 -> optionalDependencies.axios@^1.7.4. During the time window when the malicious version was still online, it may be resolved to axios@1.14.1. 3) Current reinstallation result: npm has rolled back resolution to axios@1.14.0, but in environments where axios was installed during the attack window, it is still recommended to treat it as an affected scenario and check for IoCs. In addition, SlowMist advises that if you find a plain-crypto-js directory present, even if its package.json has been cleaned, it should still be viewed as a high-risk execution artifact. For hosts that ran npm install or npm install -g openclaw@2026.3.28 during the attack window, it is recommended to immediately rotate credentials and conduct host-side investigations. (Source: ODAILY)