If you heard of the shai hulud exploit, you know how serious this is. Another supply chain attack hit and this one is rough. If attacked, this malware will target claude and VS Code to burrow in so even if you remove it, it still will stay resident. This worm initially went after npm models, it was later found to spread to Python modules on PyPi as well.
I made an open source scanner that detects traces of this worm so you can easily remove it from your system.
https://github.com/officiallymarky/tanstackscanner
What it checks
- Known IOC filenames:
router_init.jsrouter_runtime.jstanstack_runner.jsgh-token-monitor.shsetup.mjs
- Known malicious SHA-256 hash:
ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c
- Suspicious dependency strings in manifests and lockfiles:
@tanstack/setupgithub:tanstack/router79ac49eedf774dd4b0cfa308722bc463cfe5885c
- User-level persistence artifacts for
gh-token-monitor - Running processes matching known IOC names
This attack was initially discovered with this Github comment.
https://github.com/TanStack/router/issues/7383#issuecomment-4425225340
These attacks are becoming more and more common with AI being available to everyone and the flood of vibe coded apps. While there is no way to protect against these attacks, you can minimize them by using tools like safe-npm to only install packages that are 90 days old. This typically gives it enough time to discover compromised packages but it isn't 100% fail proof.
Thanks for creating and sharing this fix.
I downloaded and use Claude from their website for my work and personal projects, but I am starting to believe that in terms of risks, there far more unknowns then knowns.
I have seen your Open Claw posts and I decided that I should learn more working with Claude to understand the full benefits and risks of Open Claw.
Question: have you written any general information other posts detailing safe set-up and operation of these AI agents which we can use as a beginners guide to safe set-up of these agents?
Thanks
No. I only wrote a few posts. It’s fairly complex as there isn’t really a single thing to do but a mindset.
Works well, tested.
This post has been shared on Reddit through the HivePosh initiative.
Ray,
You still didn't understand your situation. You are a lost in time! The sea is dumping salt on you. No one cares about you since the aliens inserted a reftum probe on you.