Summary
Cline CLI version 2.3.0 was compromised in a supply chain attack that silently installed the OpenClaw framework, creating a persistent backdoor and exposing systems to remote code execution.
Take Action:
If you are using Cline, this is urgent: Check your developer environments for Cline version 2.3.0 and manually uninstall the OpenClaw package, as it persists even after Cline is updated. Always verify that your npm dependencies use OIDC-based trusted publishing to prevent unauthorized manual releases from reaching your production or development pipelines.
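The check described above can be scripted. This is an added example, not code from the original article or from the Cline project; it assumes the npm package names are `cline` and `openclaw` (neither is stated on this page, both can be overridden) and that installs live under `node_modules` directories.

```shell
#!/bin/sh
# Added example. Assumed npm package names (not given in the advisory);
# override with CLINE_PKG / OPENCLAW_PKG if your registry names differ.
CLINE_PKG="${CLINE_PKG:-cline}"
OPENCLAW_PKG="${OPENCLAW_PKG:-openclaw}"
BAD_VERSION="2.3.0"   # the compromised Cline CLI release named in the advisory

# Print the first "version" value found in a package.json manifest.
# Works for pretty-printed and single-line manifests.
pkg_version() {
  sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# scan_root DIR: report affected installs under DIR, one finding per line.
# Prints nothing when DIR is clean.
scan_root() {
  # Cline is flagged only when the installed manifest is the bad release.
  find "$1" -type f -path "*/node_modules/${CLINE_PKG}/package.json" 2>/dev/null |
  while IFS= read -r manifest; do
    ver="$(pkg_version "$manifest")"
    if [ "$ver" = "$BAD_VERSION" ]; then
      echo "COMPROMISED ${CLINE_PKG}@${ver} ${manifest%/package.json}"
    fi
  done
  # OpenClaw is reported whatever Cline version is present, because it
  # persists after Cline has been updated.
  find "$1" -type f -path "*/node_modules/${OPENCLAW_PKG}/package.json" 2>/dev/null |
  while IFS= read -r manifest; do
    ver="$(pkg_version "$manifest")"
    echo "OPENCLAW ${OPENCLAW_PKG}@${ver:-unknown} ${manifest%/package.json}"
  done
}

# Typical use: scan_root "$(npm root -g)"; scan_root "$HOME"
```

Run `scan_root "$(npm root -g)"` for the global install tree and again over project directories. Any `OPENCLAW` line means the package still has to be removed by hand, for example with `npm uninstall -g openclaw` if it was installed globally under that assumed name.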
This article was originally published on BeyondMachines