Hey — welcome to Drift Intel.

Every week, StackDrift's monitoring system scans the Terms of Service, Privacy Policies, and Pricing pages of the vendors you depend on. When something changes, we break it down so you don't have to hire a lawyer (or become one).

This week: Cline got hit with a supply chain attack. The vehicle… OpenClaw.

Let's get into it.

The Crustacean in the Machine

If you've been online at all this week, you've seen OpenClaw — the viral "lobster-themed" AI agent that promised to automate your entire workflow. It's clever, it's fast, and as of a few days ago, it's also a masterclass in how to hijack a developer's machine.

What happened: Version 2.3.0 of Cline (the popular VS Code AI assistant) got hit with a supply chain attack. Someone stole an npm publish token and added a post-install hook. If you updated Cline, it silently force-installed OpenClaw in the background.

Why this is bad — really bad: Normally, prompt injection just makes a chatbot say something embarrassing. But when you give an AI assistant shell access, prompt injection becomes remote code execution.

The lethal trifecta:

  1. The AI has your permissions

  2. The AI can read your files (and your .env secrets)

  3. The AI can execute terminal commands

OpenClaw wasn't even the malware — it was the vehicle. By installing a second, highly-privileged agent on your machine, the attacker created a persistent backdoor that bypasses traditional firewalls entirely.

The uncomfortable truth: We're officially in the Wild West phase of agentic AI. Your assistant is basically a hyper-competent intern who will open the front door for anyone who asks nicely in a hidden <meta> tag.

What to do now:

  • Run cline --version — if you're on 2.3.0, update to 2.4.0 immediately

  • Check for stowaways: run npm list -g and see if openclaw is hanging out uninvited

  • Sandbox or suffer: if you're giving an AI agent terminal access, do it in a Docker container
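The two checks above (is an unexpected package sitting in the global tree, and did anything declare an install-time hook) can be automated. The script below is an added example, not code from StackDrift, Cline or OpenClaw: it walks an npm `node_modules` layout the way npm lays it out (`node_modules/<pkg>` and `node_modules/@scope/<pkg>`, recursing into nested trees), reports every package that declares a `preinstall`, `install` or `postinstall` script, and diffs the installed package names against an allowlist you maintain. The sample tree it builds is constructed for the demo; the package names `good-cli`, `helper-lib`, `@scope/tool` and `stowaway-agent` and their manifests are hypothetical stand-ins for the pattern described above.

```python
"""Audit an npm install tree for install-time lifecycle hooks and unexpected packages.

Added example for the newsletter's "check for stowaways" step. Run it against a
real tree with: python audit_npm_tree.py "$(npm root -g)"  (npm root -g prints the
global node_modules path). Nothing here is Cline's or OpenClaw's code.
"""
import json
import sys
import tempfile
from pathlib import Path

# npm runs these script names automatically during `npm install` unless
# `ignore-scripts=true` is set in .npmrc (or --ignore-scripts is passed).
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def iter_manifests(node_modules):
    """Yield package.json paths using npm's on-disk layout, including nested node_modules."""
    root = Path(node_modules)
    if not root.is_dir():
        return
    for entry in sorted(root.iterdir()):
        if not entry.is_dir():
            continue
        # "@scope" directories hold one more level of package directories.
        pkg_dirs = sorted(entry.iterdir()) if entry.name.startswith("@") else [entry]
        for pkg_dir in pkg_dirs:
            manifest = pkg_dir / "package.json"
            if manifest.is_file():
                yield manifest
            yield from iter_manifests(pkg_dir / "node_modules")


def load_manifest(path):
    """Parse a package.json, returning None for unreadable or malformed files."""
    try:
        return json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None


def find_install_hooks(node_modules):
    """Return {package_name: {hook_name: command}} for packages declaring install-time scripts."""
    findings = {}
    for manifest in iter_manifests(node_modules):
        data = load_manifest(manifest)
        if not data:
            continue
        scripts = data.get("scripts") or {}
        hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
        if hooks:
            findings[data.get("name", manifest.parent.name)] = hooks
    return findings


def installed_packages(node_modules):
    """Set of package names present anywhere in the tree (transitive deps included)."""
    names = set()
    for manifest in iter_manifests(node_modules):
        data = load_manifest(manifest)
        if data and data.get("name"):
            names.add(data["name"])
    return names


def unexpected_packages(node_modules, allowlist):
    """Installed package names that are not on the allowlist you expected to have."""
    return sorted(installed_packages(node_modules) - set(allowlist))


def audit(node_modules, allowlist):
    return {
        "install_hooks": find_install_hooks(node_modules),
        "unexpected": unexpected_packages(node_modules, allowlist),
    }


def build_sample_tree(base):
    """Constructed demo tree (hypothetical packages, not real registry contents).

    'helper-lib' models the pattern the newsletter describes: an install hook that
    drags in a second package the user never asked for.
    """
    pkgs = {
        "good-cli": {"name": "good-cli", "version": "1.0.0",
                     "scripts": {"test": "node test.js"}},
        "helper-lib": {"name": "helper-lib", "version": "2.3.0",
                       "scripts": {"postinstall": "npm install -g stowaway-agent"}},
        "@scope/tool": {"name": "@scope/tool", "version": "0.1.0",
                        "scripts": {"preinstall": "node setup.js"}},
        "stowaway-agent": {"name": "stowaway-agent", "version": "9.9.9"},
    }
    for rel, manifest in pkgs.items():
        pkg_dir = Path(base) / "node_modules" / rel
        pkg_dir.mkdir(parents=True, exist_ok=True)
        (pkg_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    return Path(base) / "node_modules"


def demo_report():
    """Build the constructed tree in a temp dir and audit it with a three-package allowlist."""
    with tempfile.TemporaryDirectory() as tmp:
        tree = build_sample_tree(tmp)
        return audit(tree, allowlist={"good-cli", "helper-lib", "@scope/tool"})


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real tree: pass your own allowlist; here everything is reported as unexpected.
        print(json.dumps(audit(sys.argv[1], allowlist=set()), indent=2))
    else:
        print(json.dumps(demo_report(), indent=2))
```

On the demo tree the report flags `helper-lib` (postinstall) and `@scope/tool` (preinstall) as hook carriers and lists `stowaway-agent` as the only package not on the allowlist. Any hook that installs, downloads or executes something is worth reading before you trust the package; pinning `ignore-scripts=true` in your `.npmrc` turns the hook off at install time, at the cost of breaking packages that legitimately need a build step.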

The Takeaway

Your AI assistant trusts its inputs more than it trusts you. Make sure you're the only one talking to it.

Stay safe out there

Trish @ StackDrift
