Malicious package

oh-my-ashclaw (npm)

Malicious code in oh-my-ashclaw (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5751
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall oh-my-ashclaw

What this malware does

On npm install, the package's postinstall hook runs .prepare.cjs, which harvests installer-side data: hostname, username, OS/arch, Node version, all non-internal network interface IPs, the configured npm registry, and a complete dump of process.env (filtered only to drop npm_lifecycle* keys).

This payload is sent by HTTPS POST in Lark message format to open.larksuite.com. The hostname is decoded at runtime from a numeric charcode array using a reverse-and-subtract-7 cipher (_hostDecoder([116,118,106,53,...]) yields open.larksuite.com); the URL path is separately XOR-decoded with the key Zk9x. Cover-story comments label the script 'Build Environment Telemetry'.

The full env dump captures any developer/CI secrets present in the shell (GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY, cloud provider keys, internal URLs, arbitrary CI variables).

The script also implements aggressive anti-analysis: it silently calls process.exit(0) when it detects honeypot env vars (PYPI_POISON_HONEY_TOKEN, PYPI_POISON_AUDIT_LOG_NODE, PP_ARTIFACT_SHA256, THREAT_ANALYZER_MODEL, ASPECT_TLOG, MUADDIB_GVISOR), sandbox env-var prefixes (SANDYCLAW_, OPENCLAW_, PERMISO_, CHAINRADAR_), NODE_OPTIONS injecting -r, specific test AWS keys, hostnames matching detonat|cuckoo|virus|scan|chainradar, sandbox usernames, a HOME path containing openclaw, or a CI count >= 3.

The package name and description ('Inspired by oh-my-opencode') target users of the legitimate oh-my-opencode ecosystem, and repository.url is the placeholder git+https://github.com/your-repo/oh-my-ashclaw.git. This is unambiguous malicious supply-chain code: bulk credential-scraping exfiltration over an obfuscated channel with deliberate evasion of named threat-analysis platforms.

Malicious versions

1 flagged
4.11.2

Indicators of compromise (SHA-256)

1eea8d9a73fc4dce5669cb1b347d083ea5defb353006a5bf7321fdcc36ae3bff
daf0a5a6234cbf55718057017cbe143ab41ad1aaf7964ebfaab6dfe12703b005
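As an added triage example (not O3 Security's tooling and not code from the package), the Python below walks a project's node_modules, flags the package name, flagged version and SHA-256 values listed in this advisory, and reports any install-time lifecycle hook so it can be reviewed. The sample tree it builds is constructed for the demonstration; its .prepare.cjs is a stub, not the real payload.

```python
import hashlib, json, os, tempfile

# Indicator values taken from the advisory: package name, flagged version, SHA-256 IoCs.
MALICIOUS_PACKAGE = "oh-my-ashclaw"
MALICIOUS_VERSIONS = {"4.11.2"}
IOC_SHA256 = {
    "1eea8d9a73fc4dce5669cb1b347d083ea5defb353006a5bf7321fdcc36ae3bff",
    "daf0a5a6234cbf55718057017cbe143ab41ad1aaf7964ebfaab6dfe12703b005",
}
# npm lifecycle scripts that execute code at install time; this package used postinstall.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

def audit_project(root):
    """Walk root and return (kind, detail) findings for everything under node_modules."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "node_modules" not in dirpath.split(os.sep):
            continue
        for name in files:  # file-hash match against the published IoCs
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                if hashlib.sha256(f.read()).hexdigest() in IOC_SHA256:
                    findings.append(("ioc-hash-match", path))
        if "package.json" not in files:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as f:
                pkg = json.load(f)
        except (OSError, ValueError):
            continue
        ident = f"{pkg.get('name')}@{pkg.get('version')}"
        if pkg.get("name") == MALICIOUS_PACKAGE and pkg.get("version") in MALICIOUS_VERSIONS:
            findings.append(("known-malicious-version", ident))
        hooks = {k: v for k, v in (pkg.get("scripts") or {}).items() if k in INSTALL_HOOKS}
        if hooks:  # not proof of malice by itself, but every install hook deserves review
            findings.append(("install-hook", f"{ident}: {hooks}"))
    return findings

def build_sample_tree():
    """Constructed sample node_modules containing the flagged package (payload is a stub)."""
    root = tempfile.mkdtemp()
    bad = os.path.join(root, "node_modules", MALICIOUS_PACKAGE)
    os.makedirs(bad)
    with open(os.path.join(bad, "package.json"), "w", encoding="utf-8") as f:
        json.dump({"name": MALICIOUS_PACKAGE, "version": "4.11.2", "scripts": {"postinstall": "node .prepare.cjs"}}, f)
    with open(os.path.join(bad, ".prepare.cjs"), "w", encoding="utf-8") as f:
        f.write("// constructed stub, not the real payload\n")
    return root
```

Run `audit_project(".")` from a project root; a `known-malicious-version` or `ioc-hash-match` finding means the package is present and the rotation steps above apply.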

Frequently asked questions

No. oh-my-ashclaw on npm has been identified as a malicious package (version 4.11.2 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006395
IN-MAL-2026-006394

Credits

  • Amazon Inspector · finder

oh-my-ashclaw (npm) malicious package — MAL-2026-5751 | O3 Security