Supply Chain Attack Secretly Installs OpenClaw for Cline Users

The malicious version of Cline’s npm package, 2.3.0, was downloaded more than 4,000 times before it was removed.

February 19, 2026

The rapid spread of OpenClaw wasn’t going fast enough for someone.

Cybersecurity vendors this week noticed an odd trend when the npm package for version 2.3.0 of Cline, a widely used open source AI coding tool, began installing an apparent stowaway program: OpenClaw.

For approximately eight hours, users who downloaded Cline received a poisoned version of the tool that, while not carrying traditional malware, still made unauthorized installations on their systems.

It’s unclear who perpetrated this odd supply chain attack, and what the ultimate motivation is beyond forced installations of OpenClaw.

But the attack marks the latest red flag for the fast-growing AI framework, which security researchers have expressed concerns about since its explosion onto the technology landscape last month.

Article Summaries:

  • A malicious version of Cline’s npm package (v2.3.0) was distributed for about eight hours, during which it silently installed a non‑malicious program called OpenClaw via a post‑install hook. The compromised package was downloaded roughly 4,000 times before Cline removed it. The attack stemmed from a prompt‑injection vulnerability that allowed an attacker to steal a publish token, discovered by researcher Adnan Khan. Cline patched the flaw, released v2.4.0, revoked the token, and switched to OIDC provenance for future releases. Security vendors noted the incident as a warning about supply‑chain risks in rapidly growing AI tools.
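The summary notes that the poisoned package pulled in OpenClaw through a post-install hook. The script below is an added example, not code from the article or from the Cline project: it audits an npm package.json for lifecycle hooks (preinstall, install, postinstall, prepare) whose commands install or fetch additional software at install time, which is the kind of check a defender can run over a dependency before trusting its install scripts. The two manifests it inspects are constructed for illustration and are not Cline's real package.json.

```javascript
// Added example (not from the article or the Cline project).
// Flags npm lifecycle hooks that install or fetch extra software at install
// time. The manifests at the bottom are constructed, not real packages.

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Each rule is a reason plus a regex matched against one shell command.
const RULES = [
  { reason: 'installs or runs another package',
    re: /\b(npm|pnpm|yarn|npx)\s+(i|install|add|exec|dlx|-g)\b|\bnpx\s+\S+/ },
  { reason: 'downloads remote content', re: /\b(curl|wget)\b/ },
  { reason: 'pipes download into a shell', re: /\|\s*(ba)?sh\b/ },
  { reason: 'evaluates inline or encoded code',
    re: /\b(node|bash|sh)\s+-[ec]\b|\bbase64\s+(-d|--decode)\b/ },
];

// Split a script on &&, || and ; so each command is checked on its own.
function splitCommands(script) {
  return script.split(/\s*(?:&&|\|\||;)\s*/).map(s => s.trim()).filter(Boolean);
}

// Returns findings as { hook, command, reason }; an empty array means clean.
function auditManifest(pkg) {
  const findings = [];
  const scripts = (pkg && pkg.scripts) || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (typeof scripts[hook] !== 'string') continue;
    for (const command of splitCommands(scripts[hook])) {
      for (const rule of RULES) {
        if (rule.re.test(command)) findings.push({ hook, command, reason: rule.reason });
      }
    }
  }
  return findings;
}

// Constructed manifests: a benign one and one carrying a stowaway install.
const benignManifest = { name: 'example-tool', version: '1.0.0',
  scripts: { build: 'tsc -p .', postinstall: 'node scripts/print-banner.js' } };
const stowawayManifest = { name: 'example-tool', version: '1.0.1',
  scripts: { postinstall: 'node scripts/print-banner.js && npm install -g some-other-package' } };

function main() {
  for (const m of [benignManifest, stowawayManifest]) {
    console.log(`${m.name}@${m.version}:`, auditManifest(m));
  }
}
main();
```

For a blanket defense, `npm config set ignore-scripts true` (or `ignore-scripts=true` in .npmrc) stops lifecycle hooks from running at all, at the cost of breaking packages that legitimately need them.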

Sources: