Security Alert for Cline Users
A recent release of the Cline tool has been the subject of a supply chain attack. The incident involved the injection of a malicious installer, called OpenClaw, into the distribution package.
According to reports, the Cline VSCode extension has approximately 3 million installations, while the number of standalone CLI installations is unknown. There are also reports of approximately 40,000 OpenClaw agents exposed globally.
Implications and Recommendations
The incident raises serious concerns about the speed at which updates are released for public agentic tools and the need for greater security scrutiny. Users are advised to disable automatic updates for VSCode extensions to mitigate potential risks.
This episode highlights the importance of carefully evaluating the trade-offs between development speed and security, especially in contexts where data sovereignty and protection from external threats are priorities. For those evaluating on-premise deployments, there are trade-offs to consider, and AI-RADAR offers analytical frameworks on /llm-onpremise to support these evaluations.