PkgRadar

Malware advisory

MAL-2026-3757

Malicious code in claw-subagent-service (npm)

17 affected releases in the PkgRadar corpus · published 2026-05-14 · upstream advisory

Affected packages

PackageEcosystemVersionVerdictScanned (UTC)
claw-subagent-servicenpm0.0.179High risk2026-07-06
claw-subagent-servicenpm0.0.177High risk2026-07-05
claw-subagent-servicenpm0.0.161High risk2026-07-05
claw-subagent-servicenpm0.0.160High risk2026-07-05
claw-subagent-servicenpm0.0.162High risk2026-07-04
claw-subagent-servicenpm0.0.168High risk2026-07-04
claw-subagent-servicenpm0.0.170High risk2026-07-04
claw-subagent-servicenpm0.0.153High risk2026-07-02
claw-subagent-servicenpm0.0.164High risk2026-07-02
claw-subagent-servicenpm0.0.137High risk2026-06-23
claw-subagent-servicenpm0.0.130High risk2026-06-23
claw-subagent-servicenpm0.0.140High risk2026-06-23
claw-subagent-servicenpm0.0.136High risk2026-06-23
claw-subagent-servicenpm0.0.149High risk2026-06-23
claw-subagent-servicenpm0.0.141High risk2026-06-23
claw-subagent-servicenpm0.0.138High risk2026-06-23
claw-subagent-servicenpm0.0.146High risk2026-06-20

PkgRadar blocks these releases at the CI gate before they reach your build. Start free or see all advisories.

MAL-2026-3757 — malicious package advisory | PkgRadar