← 返回 Skills 市场

Axios Security Check

Name: Axios Security Check
Author: vjumpkung

作者 Chanrich Pisitjing · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

120

总下载

当前安装

版本数

在 OpenClaw 中安装

/install axios-security-check

功能描述

Checks for the March 2026 axios supply chain attack — two malicious npm versions ([email protected] and [email protected]) that injected a RAT dropper via a fake depen...

使用说明 (SKILL.md)

axios Supply Chain Attack — Detection & Remediation

In March 2026, two malicious versions of axios were published to npm:

[email protected] (live ~2h 53m)
[email protected] (live ~2h 15m)

Both injected a fake dependency [email protected] that ran a postinstall script deploying a cross-platform remote access trojan (RAT). The malware then deleted itself and replaced its own package.json with a clean decoy to evade detection.

Safe versions: [email protected] (1.x users) · [email protected] (0.x users)

Step 1 — Check if the project is affected

Run these checks in the project directory:

# Check package-lock.json or yarn.lock for the malicious versions
npm list axios 2>/dev/null | grep -E "1\.14\.1|0\.30\.4"
grep -A1 '"axios"' package-lock.json 2>/dev/null | grep -E "1\.14\.1|0\.30\.4"

# Check if plain-crypto-js was ever installed
# (its presence alone means the dropper ran — it's NEVER a dep of legitimate axios)
ls node_modules/plain-crypto-js 2>/dev/null && echo "⚠️  POTENTIALLY COMPROMISED"

If plain-crypto-js/ exists in node_modules, the dropper executed. The npm list version reported may show 4.2.0 (not 4.2.1) due to the anti-forensics swap — the directory presence is the reliable signal.

Step 2 — Check for RAT artifacts on the system

# macOS
ls -la /Library/Caches/com.apple.act.mond 2>/dev/null && echo "⚠️  COMPROMISED (macOS RAT binary)"

# Linux
ls -la /tmp/ld.py 2>/dev/null && echo "⚠️  COMPROMISED (Linux Python RAT)"

# Windows (run in cmd.exe or PowerShell)
dir "%PROGRAMDATA%\wt.exe" 2>nul && echo "COMPROMISED (Windows persistent RAT)"

On Windows, %PROGRAMDATA%\wt.exe is a persistent copy of PowerShell left behind — it survives package removal and reboots.

Step 3 — Check CI/CD pipeline logs

Search CI run logs for any npm install or npm ci that may have pulled the malicious versions during the window 2026-03-31 00:21 UTC – 2026-03-31 03:15 UTC. Any pipeline run in that window that installed axios should be treated as compromised.

Reading the results

Finding	Meaning
`[email protected]` or `[email protected]` in lock file	Was exposed; check further
`node_modules/plain-crypto-js/` exists	Dropper ran — treat as compromised
RAT artifact found	System is compromised — rebuild
None of the above	No evidence of compromise

Remediation

If no compromise evidence found (precautionary cleanup)

# 1. Pin to safe version
npm install [email protected]        # 1.x users
npm install [email protected]        # 0.x users

# 2. Lock against transitive re-resolution (add to package.json)
# "overrides": { "axios": "1.14.0" },
# "resolutions": { "axios": "1.14.0" }

# 3. Remove plain-crypto-js if present
rm -rf node_modules/plain-crypto-js
npm install --ignore-scripts

If compromise is confirmed (RAT artifact found or dropper ran)

Do NOT attempt to clean in place. The system must be treated as fully compromised.

Rebuild from a known-good state — do not trust the affected machine
Rotate all credentials accessible at install time:
- npm tokens
- AWS / GCP / Azure access keys and service account keys
- SSH private keys
- .env file secrets (DB passwords, API keys, JWT secrets)
- CI/CD secrets injected as environment variables
- GitHub PATs / deployment keys
Audit CI/CD — for every pipeline run that installed the malicious version, rotate all secrets that were in scope during that run

Block the C2 domain (as a precaution on any potentially exposed network):

# Linux/macOS — /etc/hosts
echo "0.0.0.0 sfrclak.com" | sudo tee -a /etc/hosts

# Linux firewall
sudo iptables -A OUTPUT -d 142.11.206.73 -j DROP

Going forward — prevention

# In CI/CD, always use --ignore-scripts to block postinstall hooks
npm ci --ignore-scripts

Add to package.json to prevent accidental upgrade to malicious range:

{
  "overrides": { "axios": "1.14.0" }
}

Consider tools like StepSecurity Harden-Runner for CI/CD network egress monitoring.

Indicators of Compromise (IOC Reference)

Type	Value
Malicious package	`[email protected]` · shasum `2553649f232204966871cea80a5d0d6adc700ca`
Malicious package	`[email protected]` · shasum `d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71`
Malicious dep	`[email protected]` · shasum `07d889e2dadce6f3910dcbc253317d28ca61c766`
C2 domain	`sfrclak.com`
C2 IP	`142.11.206.73`
C2 URL	`http://sfrclak.com:8000/6202033`
macOS artifact	`/Library/Caches/com.apple.act.mond`
Windows artifact	`%PROGRAMDATA%\wt.exe`
Linux artifact	`/tmp/ld.py`
Safe 1.x version	`[email protected]` · shasum `7c29f4cf2ea91ef05018d5aa5399bf23ed3120eb`

Output format

When running a check, produce a structured report:

## axios Security Check Report

**Project:** \x3Cpath or name>
**Date checked:** \x3Cdate>

### Findings
- [ ] axios version in dependencies: \x3Cversion found or "not found">
- [ ] plain-crypto-js in node_modules: \x3Cyes/no>
- [ ] macOS RAT artifact: \x3Cfound/not found>
- [ ] Linux RAT artifact: \x3Cfound/not found>
- [ ] Windows RAT artifact: \x3Cfound/not found>

### Verdict
\x3CCLEAN | POTENTIALLY EXPOSED | COMPROMISED>

### Recommended Actions
\x3Clist specific next steps based on findings>

安全使用建议

This is a coherent, purpose-built guide for detecting and responding to the axios/npm compromise. Before using it: (1) do not let an agent run the remediation commands autonomously — require human approval; (2) run checks in an isolated environment or on a copy/backups to avoid contaminating evidence; (3) commands like rm -rf, iptables, and editing /etc/hosts require sudo and can be disruptive — review them before execution; (4) when compromise is confirmed, follow your org's incident-response process (preserve logs, rebuild from known-good media, rotate secrets listed in the guide); (5) verify IOCs (hashes, domain/IP) independently before blocking or taking network action. If you want stricter safety, restrict the skill from autonomous invocation or convert it into a read-only checklist that only suggests commands rather than running them.

功能分析

Type: OpenClaw Skill Name: axios-security-check Version: 1.0.0 The skill is a defensive security tool designed to detect and remediate a specific axios supply chain attack. It provides instructions for the agent to check for malicious package versions, identify RAT artifacts (such as /tmp/ld.py and %PROGRAMDATA%\wt.exe), and implement remediation steps like credential rotation and C2 blocking (sfrclak.com). The logic is consistent with its stated purpose and contains no evidence of malicious intent or harmful prompt injection.

能力评估

✓ Purpose & Capability

The skill name/description match the SKILL.md contents. All checks and remediation steps (lockfile checks, node_modules check, system artifact paths, CI log search, credential rotation, blocking C2) are relevant to investigating a supply-chain RAT introduced by malicious axios/npm packages.

ℹ Instruction Scope

Instructions explicitly direct reading project files (lockfiles, node_modules) and specific system paths (/Library/Caches/com.apple.act.mond, /tmp/ld.py, %PROGRAMDATA%\wt.exe), and include commands that modify system state (rm -rf, echo to /etc/hosts, iptables). Those actions are appropriate for remediation guidance, but they are destructive and require admin privileges — they should be run by a human or incident-response automation with explicit authorization. The SKILL.md does not request unrelated secrets or other system files.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files; nothing is downloaded or written by an installer step, minimizing supply-chain install risk.

✓ Credentials

The skill requests no environment variables or credentials. The remediation guidance correctly calls for rotating credentials if a compromise is confirmed; this is proportional to a post-compromise response and not a precondition of the skill.

ℹ Persistence & Privilege

always:false (good). Model invocation is allowed (default). Because the instructions include potentially-destructive system commands, granting an agent autonomous execution rights would increase risk; prefer human confirmation or restricted automation when performing these steps.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install axios-security-check
安装完成后，直接呼叫该 Skill 的名称或使用 /axios-security-check 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release — provides comprehensive detection and guidance for the March 2026 axios supply chain attack. - Detects presence of malicious [email protected] and [email protected], as well as the dropper [email protected]. - Guides users through local and system artifact checks across macOS, Linux, and Windows. - Offers clear remediation steps for both unexposed and confirmed compromises, including credential rotation advice. - Includes detailed indicators of compromise (IOCs) and safe upgrade instructions. - Outputs a structured security check report summarizing findings and recommendations.

元数据

Slug axios-security-check

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题