🚨 Supply Chain Attack on Cline CLI: What You Need to Know 🚨
Recently, an alarming supply chain attack compromised the Cline CLI npm package, stealthily installing the OpenClaw AI agent on developers’ machines. This incident underscores critical vulnerabilities in open source software.
Key Details:
- Incident Timing: February 17, between 3:26 AM PT and 11:30 AM PT.
- Compromised Action: An unauthorized party used a compromised token to publish an update (cline@2.3.0) that inadvertently installed OpenClaw.
- Impact: Approximately 4,000 downloads of the compromised version were reported.
- Resolution: Maintainers revoked the token and recommended users update to version 2.4.0 or higher immediately.
While OpenClaw itself isn’t malicious, the unauthorized installation poses potential risks. It’s essential for developers to verify their environments and remain vigilant.
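One concrete way to do that verification, added here as an example and not code from the original post or the Cline project: scan a project's package-lock.json for the affected cline version (2.3.0) and flag anything below the fixed release (2.4.0). The sample lockfile below is constructed for illustration; point the script at a real lockfile path to check your own project.

```python
import json
import sys
from typing import Dict, List

# Versions taken from the incident summary above.
PACKAGE = "cline"
COMPROMISED_VERSION = "2.3.0"
FIXED_VERSION = "2.4.0"


def parse_version(v: str) -> tuple:
    # Numeric semver compare is enough here; drop a leading "v" and any pre-release tag.
    return tuple(int(p) for p in v.lstrip("v").split("-")[0].split("."))


def find_package_versions(lock: Dict, name: str) -> List[str]:
    """Collect every installed version of `name` from a package-lock.json,
    covering both the lockfileVersion 2/3 'packages' map and the v1 'dependencies' tree."""
    found: List[str] = []
    suffix = "node_modules/" + name
    for path, entry in lock.get("packages", {}).items():
        if path == suffix or path.endswith("/" + suffix):  # top-level or nested install
            found.append(entry.get("version", ""))

    def walk(deps: Dict) -> None:
        for dep_name, entry in deps.items():
            if dep_name == name and "version" in entry:
                found.append(entry["version"])
            walk(entry.get("dependencies", {}))

    walk(lock.get("dependencies", {}))
    return [v for v in found if v]


def assess(lock: Dict) -> Dict[str, List[str]]:
    """Report installed cline versions, exact matches of the compromised release,
    and any version still below the fixed release."""
    versions = find_package_versions(lock, PACKAGE)
    compromised = [v for v in versions if v == COMPROMISED_VERSION]
    needs_update = [v for v in versions if parse_version(v) < parse_version(FIXED_VERSION)]
    return {"versions": versions, "compromised": compromised, "needs_update": needs_update}


# Constructed sample lockfile (not a real project's), pinned to the affected version.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"cline": "^2.3.0"}},
        "node_modules/cline": {"version": "2.3.0"},
    },
}

if __name__ == "__main__":
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    print(json.dumps(assess(lock), indent=2))
```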
🔗 If you’re concerned about your software’s security, share this information with your network and ensure your tools are safe! #SupplyChainSecurity #OpenSourceAI #DevOps
