- Update to the latest version: `npm install -g cline@latest`. If on version 2.3.0, update to 2.4.0 or higher.
- Check for and immediately remove OpenClaw if it hadn’t been intentionally installed: `npm uninstall -g openclaw`.

Gooding noted, “nothing ran automatically beyond the install,” but added there was still a risk: “OpenClaw is a capable agentic tool with broad system permissions, not a trivial package to have silently dropped onto a developer’s machine.”
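The two checks above (is the affected `cline` release installed, and has `openclaw` appeared among the global packages) are easy to script for a fleet of developer machines. The following is an added example, not code from the article or from the cline or OpenClaw projects; it assumes `npm` is on `PATH` and that `npm ls -g --depth=0 --json` returns its usual `{"dependencies": {"<pkg>": {"version": "x.y.z"}}}` structure. The assessment logic is kept separate from the `npm` call so it can be exercised on captured output.

```python
"""Endpoint check for the compromised cline release / unexpected OpenClaw install.

Added example (not from the article, cline, or OpenClaw). Assumes `npm` is on PATH
and that `npm ls -g --depth=0 --json` emits {"dependencies": {"<pkg>": {"version": ...}}}.
"""
import json
import subprocess
from typing import Dict, List, Tuple

AFFECTED_CLINE_VERSION = (2, 3, 0)   # release named in the article
FIXED_CLINE_VERSION = (2, 4, 0)      # "update to 2.4.0 or higher"
UNEXPECTED_PACKAGE = "openclaw"      # should only be present if installed on purpose


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '2.3.0' (optionally with a -prerelease or +build tag) into a comparable tuple."""
    core = text.split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) if p.isdigit() else 0 for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def assess_global_packages(npm_ls: Dict) -> List[str]:
    """Return findings for the parsed output of `npm ls -g --depth=0 --json`."""
    deps = npm_ls.get("dependencies") or {}
    findings: List[str] = []

    cline = deps.get("cline")
    if cline:
        ver = parse_version(cline.get("version", "0.0.0"))
        if ver == AFFECTED_CLINE_VERSION:
            findings.append(
                "cline 2.3.0 installed: affected release, run `npm install -g cline@latest`"
            )
        elif ver < FIXED_CLINE_VERSION:
            findings.append(
                f"cline {cline['version']} is below 2.4.0: run `npm install -g cline@latest`"
            )

    if UNEXPECTED_PACKAGE in deps:
        ver_text = deps[UNEXPECTED_PACKAGE].get("version", "?")
        findings.append(
            f"{UNEXPECTED_PACKAGE} {ver_text} is installed globally: "
            f"run `npm uninstall -g {UNEXPECTED_PACKAGE}` unless it was installed intentionally"
        )

    return findings


def run_check() -> List[str]:
    """Query npm on this machine and assess the result."""
    proc = subprocess.run(
        ["npm", "ls", "-g", "--depth=0", "--json"], capture_output=True, text=True
    )
    # npm exits non-zero on dependency problems but still prints JSON, so parse regardless.
    data = json.loads(proc.stdout or "{}")
    return assess_global_packages(data)


if __name__ == "__main__":
    for line in run_check() or ["no findings"]:
        print(line)
```

Run it directly on a workstation, or pipe saved `npm ls -g --depth=0 --json` output from many machines into `assess_global_packages` to triage them centrally. A non-zero exit from `npm ls` is expected on trees with peer-dependency problems, which is why the script parses stdout regardless of the exit status.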
A no-win scenario: EDR, managed detection and response (MDR), and other security providers are going to be forced to declare OpenClaw as either a PUA or “flat out as malware, which, honestly, it can be,” said Shipley, or these kinds of attacks win.

“I hate to give it to attackers, but you kind of have to on this one,” he said. “This is why agentic AI is going to get so many people pwned.”

Ultimately, it’s a no-win scenario, Shipley noted, particularly if any organization was “so foolish” as to have allowed OpenClaw into their enterprise environment and built business-reliant work processes on it.

As he put it: “Attackers combined the two biggest dumpster fires in 2026 cybersecurity into a city-scale landfill fire by chaining supply chain hacks via npm and the smoking-hot-vibe-coded AI agent disaster of OpenClaw.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4135449/compromised-npm-package-silently-installs-openclaw-on-developer-machines.html