exec默认行为对齐：tools.exec.host=auto 现在是纯路由标志，不再隐含沙箱存在时就用沙箱的逻辑。沙箱不存在时，显式指定沙箱会直接失败，而不是悄悄降级。

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

4月1日消息，开源AI助手框架OpenClaw发布了v2026.3.31版本。此次更新新增了QQ Bot频道插件、大幅强化安全边界、引入了任务流管理系统以及其他多项更新。 本次更新最受国内用户关注的变化是QQ ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

如果你最近在用OpenClaw跑Agent、装Skill，或者即便只是正常装了几个常见依赖，那你可得好好注意了！ 今日，资深开发者Daniel ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software ...

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

A widely used Python package with more than 95 million monthly downloads has been compromised with credential-stealing ...

整理 | 郑丽媛出品 | CSDN（ID：CSDNnews）如果你是一名 Python 开发者，对 pip install 命令肯定很熟悉——这是最常用的套件安装指令，可用来从 PyPI 或其它来源安装、升级与管理套件。但就在 3 月 24 ...

这是一件极其严肃的软件安全事件。 今天，Karpathy 发长推文警告全部开发者注意，GitHub 超过 4 万星，月下载量达 9700 万次的 Python 库 LiteLLM 在 PyPI 上被投毒。 首先提请各位开发者检查自己的 LiteLLM ...

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU ...