Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

• In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months.
• “On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: cline@2.3.0,” the maintainers of the Cline package said in an advisory.
• “The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g openclaw@latest".” As a result, this causes OpenClaw to be installed on the developer’s machine when Cline version 2.3.0 is installed.
• Cline said no additional modifications were introduced to the package and there was no malicious behavior observed.
• However, it noted that the installation of OpenClaw was not authorized or intended.
• The supply chain attack affects all users who installed the Cline CLI package published on npm, specifically version 2.3.0, during an approximately eight-hour window between 3:26 a.m.
Article Summaries:
- A supply‑chain attack on the open‑source AI coding assistant Cline CLI caused the 2.3.0 release to silently install the popular autonomous agent OpenClaw on developers’ machines. The breach occurred on February 17, 2026, when an unauthorized party used a compromised npm publish token to publish an update that added a post‑install script installing OpenClaw globally. Roughly 4,000 downloads were affected during the eight‑hour window. Cline’s maintainers released version 2.4.0, revoked the token, and added OpenID Connect authentication. Microsoft’s threat team noted a spike in OpenClaw installs, but security researchers say the impact is low, as OpenClaw itself is benign. Users are urged to update and verify their environments.
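A defender-side check for the pattern the advisory describes, as an added example (not code from Cline or from the article): it scans a parsed package.json for lifecycle scripts that invoke a package-manager install and reports whether the install is global. The function names, the hook list and the sample manifests are assumptions constructed for illustration.

```javascript
// Added example: flag npm lifecycle scripts that pull in further packages,
// the pattern described in the Cline advisory.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Matches a package-manager install/add invocation inside a script string,
// capturing an optional "global" subcommand and the arguments that follow.
const INSTALL_CMD =
  /\b(npm|pnpm|yarn|bun)\s+(global\s+)?(?:install|i|add)\b([^&|;]*)/g;

function auditManifest(manifest) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== "string") continue;
    for (const m of cmd.matchAll(INSTALL_CMD)) {
      const args = m[3].trim().split(/\s+/).filter(Boolean);
      findings.push({
        hook,
        command: m[0].trim(),
        global: Boolean(m[2]) || args.some((a) => a === "-g" || a === "--global"),
        packages: args.filter((a) => !a.startsWith("-")),
      });
    }
  }
  return findings;
}

// Per the advisory, 2.3.0 was the unauthorized publish.
function isAffectedCline(manifest) {
  return manifest.name === "cline" && manifest.version === "2.3.0";
}

// Constructed sample manifests (not the real published files).
const tampered = {
  name: "cline",
  version: "2.3.0",
  scripts: { postinstall: "npm install -g openclaw@latest" },
};
const clean = { name: "cline", version: "2.4.0", scripts: { build: "tsc" } };

for (const m of [tampered, clean]) {
  console.log(m.name + "@" + m.version, {
    affected: isAffectedCline(m),
    findings: auditManifest(m),
  });
}
```

A finding is a prompt for review rather than proof of compromise, since some packages legitimately run install steps in lifecycle hooks.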
Sources:
- https://thehackernews.com/2026/02/cline-cli-230-supply-chain-attack.html (Latest source article published: 2026-02-20 14:20 UTC)