{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreics7a3j6cdeiprat6uq6svcq6jnnrk3z6w5ozeim2blmgmi3y7sqa",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mgqnrizi7g72"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreifr5yo2fisubfyoqmsrifvqrbuiho2ezoijdnlevi62lootvean5i"
    },
    "mimeType": "image/jpeg",
    "size": 74440
  },
  "path": "/ghostclaw-poses-as-openclaw-in-npm-attack-that-can-empty-developer-machines/",
  "publishedAt": "2026-03-10T08:45:27.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "GhostClaw poses as OpenClaw in npm attack that can empty developer machines",
    "VPN Central",
    "@openclaw-ai"
  ],
  "textContent": "A malicious npm package has surfaced under the name @openclaw-ai/openclawai, and researchers say it impersonates an OpenClaw installer while stealing passwords, browser data, SSH keys, cloud credentials, crypto wallet data, and more from developer systems. JFrog Security Research published the findings on March 8 and said the package delivered a multi-stage infection chain plus a […]\n\nThe post GhostClaw poses as OpenClaw in npm attack that can empty developer machines appeared first on VPN Central.",
  "title": "GhostClaw poses as OpenClaw in npm attack that can empty developer machines"
}