
"The incident occurred on Tuesday, when an "unauthorized party" used a compromised token to publish an update to Cline CLI on its npm registry that installs OpenClaw - the AI agent platform slash security nightmare - on users' computers when they install cline@2.3.0. "Users who installed Cline CLI cline@2.3.0 during the approximately 8-hour window between 3:26 AM PT and 11:30 AM PT on February 17 will have openclaw globally installed," Cline's maintainers said in a security advisory."
""To make sure it's clear in the midst of the NPM package situation: I did NOT conduct overt testing on Cline's repository," Khan said in an update to his research. "I conducted my PoC on a mirror of Cline to confirm the prompt injection vulnerability," he added. "A different actor found my PoC on my test repository and used it to directly attack Cline and obtain the publication credentials.""
An unauthorized party used a compromised token to publish cline@2.3.0, causing OpenClaw to be installed globally on systems of users who installed the package. The unintended installation affected users who installed Cline during an approximately eight-hour window on February 17 between 3:26 AM PT and 11:30 AM PT. OpenClaw is a legitimate open source project, but its installation was not authorized. Maintainers revoked the compromised token and switched npm publishing to OIDC provenance via GitHub Actions. Users are advised to update to version 2.4.0 or higher and check their environments. A prior prompt-injection PoC on a mirror was discovered and reused by a different actor to obtain publication credentials.
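The environment check the advisory asks for can be scripted. The following is an added example, not code from Cline's maintainers or the article: it audits the JSON printed by `npm ls -g --depth=0 --json` for cline@2.3.0 and for a global openclaw install. The function names, the `--stdin` switch and the sample data are assumptions made for illustration.

```javascript
// Added example: audit `npm ls -g --depth=0 --json` output for the state the advisory describes.
// Package names and versions (cline 2.3.0, openclaw, fix in 2.4.0) come from the article.
const BAD_CLINE = "2.3.0";
const FIXED_CLINE = "2.4.0";

// Compare dotted numeric versions; pre-release/build suffixes are ignored.
function cmpVersion(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Returns a list of finding strings; an empty list means nothing matched.
function auditGlobalInstall(npmLsJson) {
  const deps = JSON.parse(npmLsJson).dependencies || {};
  const findings = [];
  const cline = deps.cline && deps.cline.version;
  if (cline === BAD_CLINE) {
    findings.push(`cline@${cline} is the compromised release; update to ${FIXED_CLINE} or higher`);
  } else if (cline && cmpVersion(cline, FIXED_CLINE) < 0) {
    findings.push(`cline@${cline} predates ${FIXED_CLINE}, the version the advisory recommends`);
  }
  if (deps.openclaw) {
    const v = deps.openclaw.version || "unknown";
    findings.push(`openclaw@${v} is installed globally; confirm you installed it yourself`);
  }
  return findings;
}

// Constructed sample: cline already updated, openclaw still present globally.
const SAMPLE = JSON.stringify({
  name: "lib",
  dependencies: { cline: { version: "2.4.1" }, openclaw: { version: "0.0.0-sample" }, npm: { version: "10.0.0" } },
});

if (process.argv.includes("--stdin")) {
  // Real use: npm ls -g --depth=0 --json | node check.js --stdin
  let buf = "";
  process.stdin.on("data", (c) => (buf += c));
  process.stdin.on("end", () => console.log(auditGlobalInstall(buf).join("\n") || "no findings"));
} else {
  console.log(auditGlobalInstall(SAMPLE).join("\n"));
}
```

The constructed sample shows why both checks matter: the cline version alone can look clean while openclaw is still listed among the global packages.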
Read at Theregister