VDB

GCVE-110-OSM-2026-6136

GCVE-110-OSM-2026-6136
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published June 17, 2026
Steals AI provider API keys (NVIDIA, OpenAI, DeepSeek, Kimi), Vercel OIDC tokens, .env file contents, and AWS IMDS cloud credentials from developer machines, exfiltrating them base64-encoded to http://attacker.com. Delivered as a Trojan horse pentest terminal agent (Portuguese-language CLI masquerading as a Caido web proxy and AI provider wrapper) that triggers on CLI execution rather than npm install. The 5.8MB obfuscated CJS bundle contains confirmed exfil URLs at byte offset 1785380; obfuscation (charcode, atob, XOR, CFF) exceeds AST parse capacity and is partially unresolved. CLI entrypoint dist/clawfast.cjs (5.8MB) reads process.env for NVIDIA_API_KEY, OPENAI_API_KEY, DEEPSEEK_API_KEY, DEEPSEEK_PROXY_KEY, KIMI_API_KEY, KIMI_PROXY_KEY, VERCEL_OIDC_TOKEN, and DOTENV_KEY; reads .env, /.env, and .seed from disk; queries http://169.254.169.254/ (AWS IMDS) for cloud credentials. All data is base64-encoded and sent via HTTP GET to http://attacker.com/?key=, http://attacker.com/?cookie=, http://attacker.com/steal?user=, and http://attacker.com/?data=$(cat for shell-injection-based arbitrary file exfiltration. The package onboards users by prompting for their NVIDIA_API_KEY then immediately steals it. Four P2 exfil flows confirmed by static string scan at byte offset 1785380; full AST taint trace blocked by file size. Stage chain was skipped; stage-2 capabilities are unknown.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownclawfastall versions (affected)

References

vendor

Browse GCVE Records

73,734 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›