Hunting the OpenClaw RAT: npm Supply Chain Detection Logic
Hey team,
Just caught the report on the @openclaw-ai/openclawai package posing as a legitimate installer. It’s currently live on the registry with ~180 downloads, dropping a RAT and targeting macOS keychains. Since there isn't a CVE assigned yet for this specific supply chain vector, we need to rely heavily on behavioral detection.
I’m particularly concerned about the post-install scripts. If you're running CI/CD or dev environments on macOS, you'll want to audit your package-lock. for this specific namespace immediately.
Here is a quick YARA rule snippet I’m drafting to catch the obfuscated install script often associated with this type of payload:
yara rule OpenClaw_Malicious_NPM { meta: description = "Detects obfuscated npm install scripts targeting OpenClaw" author = "SecurityArsenal" strings: $obf1 = "eval(String.fromCharCode" nocase $package = "@openclaw-ai/openclawai" nocase $keychain = "security find-internet-password" nocase condition: 2 of them }
Has anyone integrated npm audit signatures into their SIEM yet to catch these kinds of zero-day package uploads automatically?
We block all preinstall and postinstall scripts in our dev environment by default using the --ignore-scripts flag. It breaks some packages, but it's saved us from this exact type of RAT deployment twice this year already. You can enforce it via npmrc:
npm config set ignore-scripts true
Developers complain, but security wins.
Solid YARA rule. I'd also add a check for the specific process tree. If node spawns a bash shell that immediately calls security (the macOS Keychain utility), that's a massive red flag.
I'm using this Osquery query to hunt for it:
SELECT * FROM processes WHERE parent IN (SELECT pid FROM processes WHERE name = 'node') AND name = 'sh' AND cmdline LIKE '%security%';
Caught a similar crypto-miner with that logic last month.
Solid points on runtime detection. To complement that, I suggest auditing your package-lock. statically before running npm install. Since this package targets specific keychain commands, you can grep for the malicious package name to catch typo-squatting early:
grep -i "openclaw" package-lock.
We’ve also had success with private registry proxies that quarantine packages with fewer than 100 downloads for manual review, which helps stop these zero-day supply chain pushes.
Verified Access Required
To maintain the integrity of our intelligence feeds, only verified partners and security professionals can post replies.
Request Access