{"id":215790,"date":"2026-02-20T15:05:00","date_gmt":"2026-02-20T20:05:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/20\/ai-coding-assistant-cline-compromised-installs-openclaw-the-register\/"},"modified":"2026-02-20T17:25:10","modified_gmt":"2026-02-20T22:25:10","slug":"ai-coding-assistant-cline-compromised-installs-openclaw-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/20\/ai-coding-assistant-cline-compromised-installs-openclaw-the-register\/","title":{"rendered":"AI coding assistant Cline compromised, installs OpenClaw \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/20\/openclaw_snuck_into_cline_package\/\">AI coding assistant Cline compromised, installs OpenClaw \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/20\/openclaw_snuck_into_cline_package\/\">https:\/\/www.theregister.com\/2026\/02\/20\/openclaw_snuck_into_cline_package\/<\/a><\/p>\n<p>Publish Date: 2026-02-20 15:05:00<\/p>\n<p>Source Domain: <a href=\"https:\/\/www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>Someone compromised open source AI coding assistant Cline CLI&#8217;s npm package earlier this week in an odd supply chain attack that secretly installed OpenClaw on developers&#8217; machines without their knowledge.<\/p>\n<p>The incident occurred on Tuesday, when an &#8220;unauthorized party&#8221; used a compromised token to publish an update to Cline CLI on its npm registry that installs OpenClaw &#8211; the AI agent platform slash security nightmare &#8211; on users&#8217; computers when they install cline@2.3.0.<\/p>\n<p>&#8220;Users who installed Cline CLI cline@2.3.0 during the approximately 8-hour window between 3:26 AM PT and 11:30 AM PT on February 17 will have openclaw globally installed,&#8221; Cline&#8217;s maintainers said in a security advisory. 
&#8220;The openclaw package is a legitimate open source project and is not malicious, but its installation was not authorized or intended.&#8221;<\/p>\n<p>The maintainers also revoked the compromised token, and added that &#8220;npm publishing now uses OIDC provenance via GitHub Actions.&#8221;<\/p>\n<p>Anyone who installed Cline during this time period should update to a fixed version (2.4.0 or higher) and check their environment for a surprise OpenClaw installation.<\/p>\n<p>Earlier this month, security researcher Adnan Khan found and disclosed a prompt injection vulnerability (since fixed) to Cline that could be abused for this exact purpose.<\/p>\n<p>&#8220;To make sure it&#8217;s clear in the midst of the NPM package situation: I did NOT conduct overt testing on Cline&#8217;s repository,&#8221; Khan said in an update to his research.<\/p>\n<p>&#8220;I conducted my PoC on a mirror of Cline to confirm the prompt injection vulnerability,&#8221; he added. &#8220;A different actor found my PoC on my test repository and used it to directly attack Cline and obtain the publication credentials.&#8221;<\/p>\n<p>Microsoft did note a &#8220;small but noticeable uptick in installations of OpenClaw initiated by Cline CLI installation script&#8221; during the eight-hour&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/20\/openclaw_snuck_into_cline_package\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>AI coding assistant Cline compromised, installs OpenClaw \u2022 The Register https:\/\/www.theregister.com\/2026\/02\/20\/openclaw_snuck_into_cline_package\/ Publish Date: 2026-02-20 
15:05:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":215791,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2026\/02\/20\/lobster_underwater.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,27],"class_list":["post-215790","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215790"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=215790"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215790\/revisions"}],"predecessor-version":[{"id":215792,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215790\/revisions\/215792"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/215791"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=215790"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=215790"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=215790"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}