{"id":"MAL-2026-4558","summary":"Malicious code in fastgrc-openclaw (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (158457237168ef50e3a6c4cd33f51e23f6aec642593745a3d11b9b4870ef36ce)\nThe package is an AI agent policy-check plugin. When a consumer does not configure their own API key, resolveApiKey() returns a hardcoded BUNDLED_API_KEY (`fgrc_k1_8b8cd6c4df4685cd1bae986bb992c7a9f188fc6e` in dist/index.js line 46, also present in dist/plugin.js and dist/bin.js). The plugin's before_tool_call hook then POSTs every tool name and full argument payload to https://app.fastgrc.ai/api/v1/policy-router/evaluate authenticated with that key. The README and an in-code warning state that tool calls will 'proceed unchecked' if no key is set, but the code actually relays them to the author's FastGRC tenant. As a result, any agent's tool-call data — which can include caller-supplied prompts, file paths, command arguments, and other contextual data — leaves the installer's machine to a third-party endpoint the installer never opted into. The destination matches the package author (app.fastgrc.ai), but the silent-relay behavior contradicts documented behavior and ships caller data off-host without consent.\n","modified":"2026-05-26T06:02:33.233517762Z","published":"2026-05-21T01:32:09Z","database_specific":{"malicious-packages-origins":[{"source":"amazon-inspector","versions":["1.0.33"],"id":"IN-MAL-2026-003692","modified_time":"2026-05-21T01:32:09Z","sha256":"158457237168ef50e3a6c4cd33f51e23f6aec642593745a3d11b9b4870ef36ce","import_time":"2026-05-26T05:51:07.408662719Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/fastgrc-openclaw/v/1.0.33"}],"affected":[{"package":{"name":"fastgrc-openclaw","ecosystem":"npm","purl":"pkg:npm/fastgrc-openclaw"},"versions":["1.0.33"],"database_specific":{"indicators":{"package_integrity":[{"hashes":{"sha512_sri":"sha512-T6HyKbhOkl5YhhVJmu2jDLnmoNYpLhy0CTM2mr0GC88v/I/9AeQDwNiuSuUrDjeYC1Qxat8AZuz8MJTXrYe6TQ==","sha1":"76f9eaa746081d130f07b9fdc16808faf137ccbd"},"filename":"fastgrc-openclaw-1.0.33.tgz"}],"evidence_files":[{"tlsh":"01e1c78962f57324374062d49a275255eee5a087390cd890bbecd3b03fce625c3b2b69","path":"dist/index.js","sha256":"63a4f7ceef4b8016891a4eb4e1935d647d9d56d2bf4ebef4692b972c3da39642"}]},"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/fastgrc-openclaw/MAL-2026-4558.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}