// TEMPLARSEC //
[ 2026-02-21 ] -- /posts/cline-cli-supply-chain-attack

Supply Chain Attack: Cline CLI Compromised

A recent supply chain attack targeted developers using the Cline CLI, a popular AI coding tool, resulting in the unauthorized installation of the OpenClaw malware on affected systems.

The Threat

A recent supply chain attack targeted developers using the Cline CLI, a popular AI coding tool. Version 2.3.0 of the Cline CLI was compromised and distributed through the npm package repository with unauthorized modifications. For approximately eight hours, developers who installed the compromised package unknowingly pulled code associated with the OpenClaw AI agent onto their systems. This incident highlights the increasing risks associated with AI-assisted coding and the potential for attackers to exploit trust in automation within development workflows.

Impact

While the malicious version was live for a limited time, the potential impact is significant. OpenClaw is a powerful AI agent with broad permissions, including full disk access, allowing it to execute tasks on the user's behalf. A silently installed OpenClaw instance can provide attackers with a persistent foothold on targeted systems. This can lead to:

  • Credential Theft: OpenClaw's access to the file system and user accounts makes it capable of stealing secrets and credentials.
  • Development Environment Tampering: Attackers could use OpenClaw to tamper with development environments, potentially injecting malicious code into projects.
  • Persistent Backdoor: OpenClaw installs itself as a system daemon, allowing it to survive reboots and continue running even after the Cline package is updated or removed.
  • Compromised CI/CD Pipelines: Build agents and CI runners that installed the affected Cline version may have had OpenClaw installed, potentially exposing cloud credentials and other sensitive secrets.

The compromised package was downloaded approximately 4,000 times before it was deprecated.

Remediation

If you have used the Cline CLI, take the following steps immediately:

  • Update to Cline CLI 2.4.0: Ensure you are using the latest, safe version of the Cline CLI.
  • Check for OpenClaw Installation: Review your systems for any unwanted installations of OpenClaw. Look for the following directories: ~/.openclaw/, ~/clawd/, or ~/.clawdbot/.
  • Monitor Network Traffic: Monitor for WebSocket traffic on ports 3000 and 18789, which may indicate OpenClaw activity.
  • Review CI/CD Environments: If you use Cline CLI in your CI/CD pipelines, thoroughly review those environments for any signs of compromise. Rotate any potentially exposed credentials.
  • Implement Artifact Monitoring: Use tools like StepSecurity Artifact Monitor to track release patterns and verify provenance, alerting teams when packages are published through unusual channels.

Source: The Hacker News

[ BACK TO BLOG ]