#008 | Medium | 2026-04-03

Obfuscated Package in ByteDance npm Scope

@volcengine/diagnostics-tls@0.0.6

Verdict: SUSPICIOUS — Cannot be audited due to obfuscation

Overview

A heavily obfuscated package published under ByteDance's @volcengine npm scope. The 155KB single .cjs file uses hex variable names, string array rotation, and anti-debugging techniques. It collects API keys, access keys, and secret keys via a zod config schema. Legitimate @volcengine packages do not ship obfuscated code, suggesting possible scope compromise or rogue insider.

  • Obfuscated size: 155KB
  • Phantom dependencies: 7
  • ByteDance scope: @volcengine
  • Evasion: Anti-Debug

Attack Flow

  1. Full Obfuscation: 155KB payload processed through javascript-obfuscator with hex variable names, string rotation, and anti-debugging console hijacking.
  2. Credential Schema: uses the openclaw.plugin.json zod schema to request apiKey, ak (access key), and sk (secret key) fields.
  3. Phantom Dependencies: 7 dependencies declared but hidden inside the obfuscated bundle, making dependency analysis impossible.

MITRE ATT&CK Mapping

  • T1027 Obfuscated Files — full javascript-obfuscator
  • T1552.001 Credentials In Files — API key collection via zod
  • T1195.002 Supply Chain Compromise — corporate scope abuse
  • T1622 Debugger Evasion — anti-debugging techniques

Tags

ByteDance, Obfuscation, Anti-Debug, Scope Compromise, Credential Theft

Full Report

Credential Stealer Impersonating ByteDance Volcengine

TL;DR

@volcengine/diagnostics-tls@0.0.6 is a heavily obfuscated package published under ByteDance's cloud scope. The code is entirely javascript-obfuscated (hex variables, array rotation, anti-debugging), collects API keys/access keys/secret keys via a zod schema, and cannot be audited. Legitimate @volcengine packages do not ship obfuscated code.

Package

  • Name: @volcengine/diagnostics-tls@0.0.6
  • Size: dist/index.cjs — 155,929 bytes of fully obfuscated code
  • Structure: single .cjs file + openclaw.plugin.json + package.json

Evidence (verified from source code)

Full javascript-obfuscator

const _0x562b54=_0x1b58;(function(_0x6a8bb4,_0x3d4af1){
  const _0x5cf6f8=_0x1b58,_0x18244b=_0x6a8bb4();
  while(!![]){try{const _0x3b5dbe=-parseInt(_0x5cf6f8(0x27f))/0x1+...

155KB of completely unreadable code with hex-encoded variable names, string array rotation, and parseInt-based control flow.

Credential Collection

The openclaw.plugin.json defines a zod config schema that collects:

  • apiKey — Volcengine API key
  • ak — Access key
  • sk — Secret key

Why It's Suspicious

  • Legitimate @volcengine/* packages (volcengine has 100+ npm packages) ship readable, unobfuscated TypeScript/JavaScript
  • This is the only @volcengine package with javascript-obfuscator
  • The obfuscation prevents any audit of what the code does with the collected credentials
  • 7 phantom dependencies consumed inside the obfuscated bundle, hiding the true dependency graph

Possible Scenarios

  1. Scope compromise — someone gained publish access to the @volcengine npm scope
  2. Rogue insider — someone within Volcengine published an unauthorized package
  3. Public scope — the @volcengine scope may be open for anyone to publish to

Credits

Detected by: npm-sentinel automated scanner
Date: 2026-04-03