- The AI-powered Cline CLI npm package was compromised, leading to an unauthorized update that installed the OpenClaw AI agent on developer machines.
- The breach, attributed to a stolen npm publish token, affected around 4,000 downloads over an eight-hour window on February 17, 2026.
- Security researchers link the attack to a prior vulnerability called “Clinejection,” where prompt injection in GitHub issues could steal publishing credentials.
- Maintainers have deprecated the malicious version, revoked the token, and updated their publishing security.
In a significant software supply chain attack, the open-source Cline CLI coding assistant was compromised on February 17, 2026, leading to an unauthorized update that secretly installed OpenClaw on developers’ systems. The attack, spotted by the Microsoft Threat Intelligence team, resulted from a stolen npm publish token used to release a malicious version, according to an advisory.
The `postinstall` script in version 2.3.0 forced an automatic OpenClaw installation for anyone downloading that version. StepSecurity data shows roughly 4,000 downloads occurred during the eight-hour compromise window before the package was deprecated.
Researchers traced the breach’s origins to a vulnerability dubbed “Clinejection,” discovered by Adnan Khan. The flaw allowed attackers to use prompt injection in GitHub issues to execute arbitrary commands and steal high-privilege publication tokens.
The method could poison a repository’s build cache and pivot to a release workflow, which is exactly how the npm token was obtained. The stolen credential was then used to authenticate and publish the compromised package to the registry.
However, Endor Labs researcher Henrik Plate assessed the overall impact as low, noting “OpenClaw itself is not malicious.” The incident did not affect Cline’s VS Code extension or JetBrains plugin.
In response, maintainers have revoked the token, deprecated version 2.3.0, and released a secure version 2.4.0. They also updated their npm publishing to use more secure OpenID Connect authentication via GitHub Actions.
