🤖 AI Summary
On February 17, 2026, a significant security incident involving cline, a popular open-source coding-agent CLI tool, was reported. Version 2.3.0 of the package was published with a malicious post-install script that automatically installed a secondary package, openclaw, on any machine that ran `npm install cline`. The compromised version was downloaded around 4,000 times before its maintainers deprecated it, eight hours after release. The incident was discovered by Adnan Khan and highlights the need for vigilance in open-source package management.
This attack underscores supply chain security weaknesses in the AI/ML development community, particularly given cline's role in facilitating AI-assisted coding tasks. The malicious package switch was detected through abnormalities in the publishing process, which diverged from the established automated, provenance-backed pipeline. The lack of npm provenance attestations further complicated protections, allowing the attacker to execute code with escalated privileges on users' systems. The incident is a reminder for developers to strengthen their dependency management practices, and it emphasizes the importance of real-time threat monitoring tools in mitigating future risks in the software development landscape.
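The two signals described above, a release that lacks the provenance attestations earlier releases carried and a newly introduced install-time script, can be checked from registry metadata before an update is accepted. The following is an added example, not code from cline or npm; it assumes the metadata follows the npm registry packument shape (`versions[v].scripts`, `versions[v].dist.attestations`), and the package and dependency names in the sample are hypothetical.

```javascript
// Added example (not cline's or npm's code). Metadata shape is assumed to follow
// the npm registry packument: versions[v].scripts, versions[v].dist.attestations.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
// True when the version metadata references a provenance attestation.
function hasProvenance(meta) {
  return Boolean(meta && meta.dist && meta.dist.attestations && meta.dist.attestations.provenance);
}

// Install-time hooks declared by this version, as [name, command] pairs.
function installHooks(meta) {
  const scripts = (meta && meta.scripts) || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string" && scripts[h].trim())
    .map((h) => [h, scripts[h]]);
}

// Compare one release against everything published before it.
function auditRelease(packument, version) {
  const order = Object.keys(packument.time || {})
    .filter((v) => packument.versions[v]) // skip "created"/"modified" keys
    .sort((a, b) => new Date(packument.time[a]) - new Date(packument.time[b]));
  const idx = order.indexOf(version);
  if (idx === -1) throw new Error(`unknown version: ${version}`);
  const prior = order.slice(0, idx).map((v) => packument.versions[v]);
  const target = packument.versions[version];
  const findings = [];
  // Provenance regression: earlier releases were attested, this one is not.
  if (prior.some(hasProvenance) && !hasProvenance(target)) findings.push("provenance-missing");
  const known = new Set(prior.flatMap((m) => installHooks(m).map(([h]) => h)));
  for (const [hook, cmd] of installHooks(target)) {
    // Hook that no earlier release declared.
    if (!known.has(hook)) findings.push(`new-hook:${hook}`);
    // Hook that pulls in another package at install time.
    if (/\b(npm|pnpm|yarn)\s+(i|install|add)\b/.test(cmd)) findings.push(`hook-installs:${hook}`);
  }
  return findings;
}

// Constructed sample (hypothetical package and dependency names, not registry data).
const attested = { attestations: { provenance: { predicateType: "https://slsa.dev/provenance/v1" } } };
const SAMPLE = {
  time: { created: "2025-01-01T00:00:00Z", "1.0.0": "2025-01-01T00:00:00Z",
          "1.1.0": "2025-06-01T00:00:00Z", "1.2.0": "2026-01-01T00:00:00Z" },
  versions: {
    "1.0.0": { scripts: { test: "node test.js" }, dist: attested },
    "1.1.0": { scripts: { test: "node test.js" }, dist: attested },
    "1.2.0": { scripts: { postinstall: "npm install -g example-second-package" }, dist: {} },
  },
};
console.log(auditRelease(SAMPLE, "1.2.0"));
```

A non-empty result is a reason to hold the update for review; installing with `npm install --ignore-scripts` keeps lifecycle hooks from running while that review happens.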