Foresight News|Mar 31, 2026 07:11
[SlowMist Yu Jian: The latest version of OpenClaw may introduce a compromised axios]
Foresight News reports that SlowMist founder Yu Jian stated, 'We have basically confirmed that if your OpenClaw is the latest version 3.28, it may introduce a compromised axios. Please conduct thorough checks! Additionally, not only could OpenClaw directly introduce it, but related Skills might also rely on axios, leading to indirect compromise. Of course, since axios is so widely used, conducting checks is absolutely necessary. Fortunately, the poisoning incident was discovered in a timely manner.'
Earlier, Foresight News reported that Socket AI founder Feross issued a warning, stating that the core dependency package axios in the npm ecosystem has been subjected to an active supply chain attack. Its latest version, axios@1.14.1, was injected with a previously non-existent malicious package, plain-crypto-js@4.2.1.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink