@altryne: PSA: If you are un-aware of the latest supply-chain attacks, or aware but complacent and didn't do anything, especially…
Summary
A PSA about the 'Mini Shai-Hulud' worm spreading through npm and PyPI packages: it self-replicates, survives removal of the packages that carried it, and harvests credentials, API keys, .env secrets, browser sessions and crypto keys. It is especially dangerous to people running coding agents such as Hermes or OpenClaw unsandboxed with broad credentials, since a poisoned transitive dependency can land on the machine whenever the agent builds software, installs skills or updates itself. The post recommends sandboxed execution and a minimum package age (about 24 hours) for installs, per-agent API keys kept in a password manager, and links a scanner by @nisten.
Cached at: 05/16/26, 07:15 AM
PSA: If you are unaware of the latest supply-chain attacks, or aware but complacent and didn't do anything, especially if you're running Hermes/OpenClaw or manage them for other folks, read this; it'll take 3 minutes, I promise.
Supply chain poisoning attacks are especially vicious: they often compromise a package (JavaScript packages via npm, Python via PyPI) that is not installed directly but is a requirement of something else you install.
So if your agent is building software for ya, or is downloading skills, or even is updating itself, your Mac can get infected through this rotten supply chain.
These are not viruses but malware worms, and since many people are running agents without a sandbox, with code-writing and execution permissions, and give their agents full credentials to their email, personal life, API keys, etc., these attackers harvest every piece of personal data under the sun: API keys in .env files, browser sessions, crypto keys, you name it.
There are generally two ways of "protecting" your agent (and yourself) from something like this.
- Sandboxed execution - Run your Hermes/OpenClaw on a dedicated sandbox, Docker or otherwise.
- Restrict the minimum age of package installs
Number 2 is the most important; it assumes that package managers will detect an attack within 24-ish hours and will take down the infected packages from the registries. So if you want to be security conscious, you need to set global rules for your package managers to never install a new update that's less than 24 hours old.
Here’s a guide Codex helped me publish that shows your agent how to set these rules up on your machines: https://gist.github.com/altryne/233ea8c8446c1ed0aead7561aeeca213…
For this latest Mini Shai-Hulud worm, it's vicious specifically because it self-replicates, and removing the packages doesn't remove the worm.
@nisten has written a scanner that you can ask your agent to run to see if you were compromised.
https://github.com/nisten/shaiscan
Additionally, we covered this on @thursdai_pod - it’s good practice to always create dedicated API keys for each specific agent/machine and clearly designate them. Storing them in a password manager like @1Password and @Bitwarden helps with tracking and rolling if you were exposed.
Don't be complacent: this new wave of supply chain attacks seems to be fueled by more powerful AI coding agents, and it'll take time to stabilize; in the meanwhile, stay protected.
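The minimum-age rule the post above recommends is straightforward to state but worth seeing as logic, because the two edge cases matter: a brand-new package has no version old enough (the install should be refused, not silently fall back to "latest"), and the registry's own latest pointer can sit inside the quarantine window, which is exactly the signal you want flagged. The script below is an added example written for this page, not code from the post, the linked gist, or any package manager; it implements the gate over the publish timestamps that the npm registry (the `time` map) and PyPI's JSON API (`upload_time_iso_8601` per release file) expose. Both registry documents are constructed samples with hypothetical package names and versions, and the clock is pinned so the run is deterministic.

```python
"""Minimum-age gate for package installs: pick the newest version whose
registry publish timestamp is at least MIN_AGE_HOURS old; hold the rest.
Added example for this page (not the post's, the gist's, or any package
manager's code). Registry documents below are constructed samples that
mimic npm's registry JSON ("time" map) and PyPI's JSON API ("releases").
"""
from datetime import datetime, timedelta, timezone

MIN_AGE_HOURS = 24
# Fixed clock so the example is deterministic; a real check uses datetime.now(timezone.utc).
NOW = datetime(2026, 5, 16, 7, 15, tzinfo=timezone.utc)

# Constructed npm-style document: registry.npmjs.org/<name> returns a "time"
# map of version -> ISO-8601 publish time, plus "created"/"modified" keys.
NPM_DOC = {
    "name": "example-lib",  # hypothetical package
    "dist-tags": {"latest": "2.0.1"},
    "time": {
        "created": "2025-01-10T12:00:00.000Z",
        "modified": "2026-05-16T05:30:00.000Z",
        "1.9.0": "2026-03-02T09:00:00.000Z",
        "2.0.0": "2026-05-14T10:00:00.000Z",
        "2.0.1": "2026-05-16T05:30:00.000Z",  # pushed under two hours before NOW
    },
}

# Constructed PyPI-style document: pypi.org/pypi/<name>/json returns a
# "releases" map of version -> list of uploaded files.
PYPI_DOC = {
    "info": {"name": "example-lib", "version": "2.0.1"},
    "releases": {
        "1.9.0": [{"upload_time_iso_8601": "2026-03-02T09:00:00.000000Z", "yanked": False}],
        "2.0.0": [{"upload_time_iso_8601": "2026-05-14T10:00:00.000000Z", "yanked": False}],
        "2.0.1": [{"upload_time_iso_8601": "2026-05-16T05:30:00.000000Z", "yanked": False}],
    },
}


def parse_ts(s):
    """Parse the registries' ISO-8601 UTC timestamps (trailing 'Z')."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def version_key(v):
    """Sort key good enough for plain release versions (1.9.0 < 2.0.0 < 2.0.1).
    Pre-release tags sort as strings; real tooling uses a semver/PEP 440 parser."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in v.replace("-", ".").split("."))


def npm_publish_times(doc):
    return {v: parse_ts(t) for v, t in doc["time"].items() if v not in ("created", "modified")}


def pypi_publish_times(doc):
    # A release's age is that of its newest file: a fresh wheel added to an
    # old release restarts the clock. Yanked releases are never candidates.
    out = {}
    for v, files in doc["releases"].items():
        if files and not any(f.get("yanked") for f in files):
            out[v] = max(parse_ts(f["upload_time_iso_8601"]) for f in files)
    return out


def gate(publish_times, now=NOW, min_age_hours=MIN_AGE_HOURS):
    """Split versions into (old enough to install, held in quarantine)."""
    cutoff = now - timedelta(hours=min_age_hours)
    eligible = sorted((v for v, t in publish_times.items() if t <= cutoff), key=version_key)
    held = sorted((v for v, t in publish_times.items() if t > cutoff), key=version_key)
    return eligible, held


def select_version(publish_times, now=NOW, min_age_hours=MIN_AGE_HOURS):
    """Newest version that passed the gate, or None when every version is too
    new (e.g. a brand-new package): refuse the install rather than fall back."""
    eligible, _ = gate(publish_times, now, min_age_hours)
    return eligible[-1] if eligible else None


def audit(now=NOW, min_age_hours=MIN_AGE_HOURS):
    """Run both constructed documents through the gate and flag when the
    registry's own 'latest' pointer lands inside the quarantine window."""
    report = {}
    for eco, times, latest in (
        ("npm", npm_publish_times(NPM_DOC), NPM_DOC["dist-tags"]["latest"]),
        ("pypi", pypi_publish_times(PYPI_DOC), PYPI_DOC["info"]["version"]),
    ):
        chosen = select_version(times, now, min_age_hours)
        _, held = gate(times, now, min_age_hours)
        report[eco] = {"install": chosen, "held": held, "latest_is_held": latest in held}
    return report


if __name__ == "__main__":
    for eco, r in audit().items():
        print(f"{eco}: install {r['install']}, holding {r['held']}, latest gated: {r['latest_is_held']}")
```

With the pinned clock both ecosystems resolve to 2.0.0 and hold 2.0.1, whose `latest` pointer is flagged. Two caveats a practitioner should keep in mind: the gate only buys time if the registry or maintainers actually pull the poisoned version inside the window, and a worm that re-publishes from stolen tokens can keep resetting the clock on a package you already depend on, so the gate belongs next to, not instead of, the sandbox and the scan.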
International Cyber Digest (@IntCyberDigest): ‼️🚨 UPDATE: The TanStack npm attack is now a full campaign.
‘Mini’ Shai-Hulud has hit:
- OpenSearch
- Mistral AI
- Guardrails AI
- UiPath
- Squawk packages across npm and PyPI
The malware specifically targets AI developer tooling. It hooks into Claude Code
Similar Articles
@AYi_AInotes: Damn, Theo’s warning today gave me chills. He said, hope you understand, this is only going to get worse, because the ongoing Mini Shai-Hulud supply chain attack has already spread from TanStack to UiPath, Mistral AI related packages, totaling 205 compromised artifacts...
This article warns about the ongoing Mini Shai-Hulud supply chain attack, which has spread from TanStack to UiPath, Mistral AI, etc., with a total of 205 artifacts poisoned. Attackers used CI/CD cache poisoning, so the malicious packages carry legitimate signatures and provenance, which defeats checks that rely on those alone. AI has accelerated the pace of the attack, and developers' AI coding tools have themselves become hosts the malware parasitizes.
Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised
The npm account 'atool' was compromised, leading to the publication of 637 malicious versions across 317 packages. The payload harvests credentials, establishes persistence via AI coding tools and system services, and exfiltrates data through GitHub.
@RhysSullivan: just enabled a minimum age on npm package installs for my machine, should've done this sooner but if you haven't either…
A developer shares a tip to configure a minimum release age for package installs to mitigate supply-chain attacks.
The npm/Docker/PyPI supply chain security pattern is repeating with MCP, and we are at the 2015 moment
The article warns that the MCP ecosystem is repeating the same supply chain security pattern seen in npm, Docker, and PyPI, with minimal vetting and growing risks. It highlights that a scan of 500 Smithery servers found 18.8% with security issues and that existing security tooling cannot handle malicious agent instructions, and introduces a new static scanner called bawbel.
'No way to prevent this,' says only package manager where this regularly happens
Satirical article highlighting the recurring supply chain attacks in the npm registry, contrasting with more secure ecosystems like Go and Rust, and mocking the JavaScript community's acceptance of such vulnerabilities.