Miguel de Icaza ᯅ🍉Mar 5
We are doomed: https://grith.ai/blog/clinejection-when-your-ai-tool-installs-another
A GitHub Issue Title Compromised 4,000 Developer Machines

A prompt injection in a GitHub issue triggered a chain reaction that ended with 4,000 developers getting OpenClaw installed without consent. The attack composes well-understood vulnerabilities into something new: one AI tool bootstrapping another.

Show threadRay McCarthy

@Migueldeicaza
"Why existing controls did not catch it

npm audit: The postinstall script installs a legitimate, non-malicious package (OpenClaw). There is no malware to detect."

My POV is that OpenClaw is one of the most malicious programs ever distributed. Baffling that people deliberately install it!

Mar 5 at 7:10pmWeb