@Shadanai/Openclaw
A JavaScript package on npm compromised by UNC1069 in May 2026.
Last refreshed: 20 May 2026 · Appears in 1 active topic
How far has UNC1069 extended WAVESHAPER.V2 beyond the Axios compromise into the npm ecosystem?
Timeline for @shadanai/openclaw
Mentioned in: UNC1069 expands the npm WAVESHAPER supply chain
Cybersecurity: Threats and DefencesWhat is the @shadanai/openclaw npm package and is it safe to use?
What is WAVESHAPER.V2 and what does it do to infected systems?
How does UNC1069 use the npm registry to attack software developers?
Background
`@shadanai/openclaw` is an npm registry package compromised by UNC1069, a Democratic People's Republic of Korea (DPRK)-linked threat actor cluster, in May 2026 as part of the expanding WAVESHAPER.V2 supply-chain campaign. GTIG identified the package as one of two additional npm packages beyond the Axios compromise that ship the WAVESHAPER.V2 backdoor payload. The campaign, also attributed to the actor cluster in earlier reporting, targets developers and enterprises that install the package as a dependency, injecting backdoor code into their build pipelines or development environments. Active distribution via the public npm registry means any downstream project installing `@shadanai/openclaw` without version pinning or integrity checking could be exposed.
UNC1069 operates in the tradition of DPRK-linked supply-chain actors (also tracked as Lazarus Group sub-clusters) who use fraudulent npm package names, typosquatting, or dependency confusion to insert malicious code into developer workflows. The WAVESHAPER.V2 payload functions as a backdoor providing remote access, data exfiltration capability, and persistence on infected systems. The April 2026 Axios WAVESHAPER.V2 campaign established the pattern; `@shadanai/openclaw` and its companion `@qqbrowser/openclaw-qbot` extend the campaign's reach into additional developer tooling namespaces.
The download volume of `@shadanai/openclaw` is small relative to mainstream packages like Axios, limiting its immediate blast radius. However the structural concern is wider: UNC1069's ability to register and publish under the `@shadanai` scoped namespace on npm demonstrates that registry namespace controls alone are insufficient to prevent supply-chain insertion. The npm registry's response to the confirmed compromise and the package's removal status as of 20 May 2026 have not been publicly confirmed.