In a recent software supply chain attack, version 2.3.0 of Cline CLI, an AI-powered coding assistant, was compromised to stealthily install OpenClaw, a self-hosted autonomous AI agent, on developer systems. The attack occurred on February 17, 2026, at 3:26 AM PT, when an unauthorized party used a compromised npm publish token to push a malicious update to the tool. The incident highlights vulnerabilities in open-source software distribution.
This incident underscores the growing threat of supply chain attacks targeting widely used developer tools, which can lead to unauthorized access and data breaches. The popularity of OpenClaw in recent months made it an attractive vector for attackers. The incident emphasizes the need for enhanced security measures and vigilance around software updates and token management within the developer community.
Key Takeaways
- Software supply chain attack on Cline CLI version 2.3.0
- Stealthy installation of OpenClaw AI agent on developer systems
- Compromised npm publish token used for unauthorized update on February 17, 2026
- Highlights risks in open-source software distribution and token security
Source: The Hacker News
