MAL-2026-5751
Malicious code in oh-my-ashclaw (npm)
Details
## Source: amazon-inspector (daf0a5a6234cbf55718057017cbe143ab41ad1aaf7964ebfaab6dfe12703b005)

On `npm install`, the package's postinstall hook `.prepare.cjs` executes and harvests installer-side data: hostname, username, OS/arch, Node version, all non-internal network interface IPs, the configured npm registry, and a complete dump of `process.env` (filtered only to drop `npm_lifecycle*` keys). This payload is POSTed over HTTPS in Lark message format to `open.larksuite.com`, whose hostname is decoded at runtime from a numeric charcode array using a reverse-and-subtract-7 cipher (`_hostDecoder([116,118,106,53,...])` → `open.larksuite.com`); the URL path is separately XOR-decoded with the key `Zk9x`. Cover-story comments label the script 'Build Environment Telemetry'. The full env dump captures any developer/CI secrets present in the shell (`GITHUB_TOKEN`, `NPM_TOKEN`, `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, cloud provider keys, internal URLs, arbitrary CI variables).

The script also implements aggressive anti-analysis: it silently calls `process.exit(0)` when it detects honeypot env vars (`PYPI_POISON_HONEY_TOKEN`, `PYPI_POISON_AUDIT_LOG_NODE`, `PP_ARTIFACT_SHA256`, `THREAT_ANALYZER_MODEL`, `ASPECT_TLOG`, `MUADDIB_GVISOR`), sandbox env-var prefixes (`SANDYCLAW_`, `OPENCLAW_`, `PERMISO_`, `CHAINRADAR_`), `NODE_OPTIONS` injecting `-r`, specific test AWS keys, hostnames matching `detonat|cuckoo|virus|scan|chainradar`, sandbox usernames, a `HOME` path containing `openclaw`, or a CI indicator count >= 3.

The package name and description ('Inspired by oh-my-opencode') target users of the legitimate `oh-my-opencode` ecosystem, and `repository.url` is the placeholder `git+https://github.com/your-repo/oh-my-ashclaw.git`. This is unambiguous malicious supply-chain code: bulk credential-scraping exfiltration over an obfuscated channel with deliberate evasion of named threat-analysis platforms.
Affected packages
No fixed version published yet for oh-my-ashclaw (npm). Pin to a known-safe version or switch to an alternative.