VYPR

pypi · Malicious package advisory

Malware

openclaw-agent

MAL-2026-4183

Malicious code in openclaw-agent (PyPI)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: kam193 (b89b6a94f589218276e6dabe5accf4a6d6a9b22cd7412cce0a58069bccd76bbb)
The package is intended to create a backdoor and steal sensitive data, but the analyzed code did not finally exfiltrate the content of sensitive files.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-05-openclaw-agent


Reasons (based on the campaign):

 - exfiltration-generic
 - impersonation
 - persistence
 - peristence-autorun
 - backdoor
 - crypto-related
 - The package overrides the install command in setup.py to execute malicious code during installation.

Compromised versions (1)

  • 1.0.3

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.
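
The install-command override listed under the reasons above can be spotted statically before a source distribution is installed. The following is an added example, not code from the advisory or from the analyzed package: the function name, the command list and the sample `setup.py` are assumptions constructed for illustration.

```python
import ast

# Commands pip/setuptools may run automatically while building or installing.
HOOKED_COMMANDS = {"install", "develop", "egg_info", "build", "build_py", "sdist"}

# Constructed sample: a harmless setup.py with the structure the advisory
# describes (a custom class registered for the "install" command).
SAMPLE_SETUP_PY = '''
from setuptools import setup
from setuptools.command.install import install

class CustomInstall(install):
    def run(self):
        install.run(self)  # code placed here would run at install time

setup(name="example-pkg", version="0.0.1", cmdclass={"install": CustomInstall})
'''

def overridden_commands(setup_py_source):
    """Return the sorted command names that setup() remaps through cmdclass."""
    tree = ast.parse(setup_py_source)  # parsed only, never executed
    # Remember `name = {...}` assignments so `cmdclass=name` is resolved too.
    dict_vars = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Dict):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    dict_vars[target.id] = node.value
    found = set()
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if name != "setup":
            continue
        for kw in node.keywords:
            if kw.arg != "cmdclass":
                continue
            value = kw.value
            if isinstance(value, ast.Name):
                value = dict_vars.get(value.id)
            if isinstance(value, ast.Dict):
                for key in value.keys:
                    if isinstance(key, ast.Constant) and key.value in HOOKED_COMMANDS:
                        found.add(key.value)
    return sorted(found)
```

Run it against the `setup.py` of an unpacked sdist; a hit means the package runs its own code at install time and needs manual review, since legitimate packages also use `cmdclass`.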