Hacker tricks Cline into spreading OpenClaw

🔑 Enhanced Key Takeaways

• •A hacker exploited a prompt injection vulnerability in Cline's Claude Issue Triage GitHub Actions workflow, active from Dec 21, 2025 to Feb 9, 2026, to steal npm, VSCE, and OVSX publishing tokens via cache poisoning[1][3].
• •On February 17, 2026, the attacker published malicious Cline CLI version 2.3.0 to npm, which included a postinstall script silently installing the legitimate OpenClaw AI agent globally on users' systems[1][3][4].
• •The malicious version remained live for about 8 hours until Cline team published fixed version 2.4.0 and deprecated 2.3.0, with the advisory rating severity as 'low' since OpenClaw is open-source but highlighting supply chain risks[1][2][4].
• •Security researcher Adnane Khan discovered and reported the prompt injection flaw on January 1, 2026, providing a proof-of-concept using public tools like Cacheract for cache poisoning[3].
• •This incident underscores accelerating npm supply chain attacks on AI dev tools, with prior OpenClaw 'ClawHavoc' attack in January 2026 planting malicious skills for infostealers[1][2].

🛠️ Technical Deep Dive

• •Prompt injection targeted Cline's Claude Issue Triage workflow (removed post-incident), allowing GitHub account holders to inject malicious instructions chaining to GitHub Actions cache poisoning[3].
• •Cache poisoning used tools like Cacheract to flush/evict cache, pivot to Publish Nightly Release/NPM workflows, stealing VSCE_PAT, OVSX_PAT, NPM_RELEASE_TOKEN secrets with production-level access[3].
• •Malicious npm package 2.3.0 modified only package.json to add 'postinstall': 'npm install -g openclaw@latest' lifecycle script; CLI binary dist/cli.mjs unchanged from legit 2.2.0[1].
• •Attack drew from public research like Aikido Security’s PromptPwned on AI workflow misconfigurations[3].
• •Cline CLI 2.0 features AI agent control in terminal with parallel execution, headless CI/CD, ACP editor support[5].

🔮 Future ImplicationsAI analysis grounded in cited sources

⏳ Timeline