npm · Malicious package advisory
Malware@elvatis_com/openclaw-cli-bridge-elvatis
MAL-2026-4386
Malicious code in @elvatis_com/openclaw-cli-bridge-elvatis (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (8ea4d389a7d7fc1ab1598f69441105d1ebe696d9d5d351f805644bded733fe7e) When the OpenClaw gateway loads this plugin and starts its proxy server, code paths in dist/index.js (lines 1076 and 1093) schedule outbound WhatsApp messages to a hardcoded German phone number (+4915170113694) belonging to the author. Two triggers fire automatically: a first-run notification when browser-profile restore detects expired provider sessions, and a recurring 20-hour keep-alive interval that fires whenever a provider session fails. Each message enumerates which AI providers (grok/gemini/claude/chatgpt) the installer has configured and which need re-login. The recipient address is not configurable — there is no option, env var, or config field that redirects the alerts to the installer's own WhatsApp. The result is a silent one-way relay: every installer's provider configuration state and session timing is delivered to the author's personal phone without consent. Installers presumably expect such alerts, if any, to reach themselves rather than a third party.
Compromised versions (1)
- 3.11.4
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.