Malware advisory

MAL-2026-3757

Malicious code in claw-subagent-service (npm)

8 affected releases in the PkgRadar corpus · published 2026-05-14 · upstream advisory

Affected packages

Package	Ecosystem	Version	Verdict	Scanned (UTC)
`claw-subagent-service`	npm	`0.0.146`	High risk	2026-06-03
`claw-subagent-service`	npm	`0.0.149`	High risk	2026-06-03
`claw-subagent-service`	npm	`0.0.140`	High risk	2026-06-03
`claw-subagent-service`	npm	`0.0.141`	High risk	2026-06-03
`claw-subagent-service`	npm	`0.0.137`	High risk	2026-06-03
`claw-subagent-service`	npm	`0.0.138`	High risk	2026-06-03
`claw-subagent-service`	npm	`0.0.136`	High risk	2026-06-03
`claw-subagent-service`	npm	`0.0.130`	High risk	2026-06-03

PkgRadar blocks these releases at the CI gate before they reach your build. Start free or see all advisories.