SlowMist: Be aware of the malicious versions 1.14.1 / 0.30.4 of axios and the risk of exposing npm global installation history for OpenClaw.

ME News message, March 31 (UTC+8). As of March 31, 2026, publicly available intelligence shows that axios@1.14.1 and axios@0.30.4 have been confirmed as malicious versions. Both have been injected with an additional dependency, plain-crypto-js@4.2.1. This dependency can deliver cross-platform malicious payloads via a postinstall script. The impact of this incident on OpenClaw needs to be judged by scenario:

1）Source build scenario: Not affected. The v2026.3.28 lock file actually locks axios@1.13.5 / 1.13.6 and does not hit the malicious versions.

2）npm install -g openclaw@2026.3.28 scenario: There is a risk of historical exposure. The reason is that the dependency chain contains: openclaw -> @line/bot-sdk@10.6.0 -> optionalDependencies.axios@^1.7.4. During the time window when the malicious versions were still live, they may be resolved to axios@1.14.1.

3）Current reinstall results: npm has rolled back resolution to axios@1.14.0, but in environments where it was installed during the attack window, it is still recommended to treat it as an affected scenario and to check for IoC.

In addition, SlowMist notes: if you find a plain-crypto-js directory present, even if its package.json has already been cleaned, it should still be treated as a high-risk execution artifact. For hosts where npm install or npm install -g openclaw@2026.3.28 was executed within the attack window, it is recommended to immediately rotate credentials and conduct host-side investigation. (Source: ODAILY)