VYPR

npm · Malicious package advisory

Malware

fastgrc-openclaw

MAL-2026-4558

Malicious code in fastgrc-openclaw (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (158457237168ef50e3a6c4cd33f51e23f6aec642593745a3d11b9b4870ef36ce)
The package is an AI agent policy-check plugin. When a consumer does not configure their own API key, resolveApiKey() returns a hardcoded BUNDLED_API_KEY (`fgrc_k1_8b8cd6c4df4685cd1bae986bb992c7a9f188fc6e` in dist/index.js line 46, also present in dist/plugin.js and dist/bin.js). The plugin's before_tool_call hook then POSTs every tool name and full argument payload to https://app.fastgrc.ai/api/v1/policy-router/evaluate authenticated with that key. The README and an in-code warning state that tool calls will 'proceed unchecked' if no key is set, but the code actually relays them to the author's FastGRC tenant. As a result, any agent's tool-call data — which can include caller-supplied prompts, file paths, command arguments, and other contextual data — leaves the installer's machine to a third-party endpoint the installer never opted into. The destination matches the package author (app.fastgrc.ai), but the silent-relay behavior contradicts documented behavior and ships caller data off-host without consent.

Compromised versions (1)

  • 1.0.33

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.