Does cline have any known vulnerabilities?

No known CVE vulnerabilities were found for cline v2.3.0 in the brin database.

Can I use cline safely with AI coding agents?

cline has been flagged with risk indicators. Review the detected threats and capabilities before using with AI coding agents. Assessments are automated and may contain errors.

cline

Q: Is cline safe to use?

cline v2.3.0 has been flagged for review in the latest brin safety scan. Trust score: 85/100. Manual review is recommended. This is an automated assessment.

Q: What capabilities does cline have?

No system capabilities were detected for cline. It does not appear to access the network, filesystem, or spawn processes.

npm

Is cline safe to use?

The latest brin safety scan flagged cline v2.3.0 with risk indicators that warrant review. No known CVE vulnerabilities and 1 detected threat pattern, including patterns consistent with malicious install scripts. Trust score: 85/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

cline Has Confirmed Threats

Confirmed threat patterns detected in this package

critical

CVEs

Threats

Install Scripts

Risk Indicators

•verified malicious_install_scripts threat (confidence: 0.95)
•verified dependency_confusion threat (confidence: 0.90)

cline Confirmed Threats (1)

Suspicious Install Scripts

confidence: 95%confirmed

Location: package.json:36

"postinstall": "npm install -g openclaw@latest"

Install Scripts Detected

postinstall

This package runs scripts during installation. Review these scripts before installing.

brin Recommendations

→This package is assessed as high-risk. Manual review is strongly recommended before use.
→1 verified threat pattern detected. Review the specific findings and consider alternatives.
→Install scripts detected. When using with AI agents, consider running in a sandboxed environment.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

cline Capabilities & Permissions

No system capabilities detected for cline. It does not appear to access the network, filesystem, spawn processes, or use native modules. No capability concerns identified for use with AI coding agents.

AGENTS.md for cline

Good instructions lead to good results. brin adds cline documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

cline Documentation & Source Code

For the full cline README, API documentation, and source code, visit the official package registry.

View on npm View Source Homepage

Frequently asked questions about cline safety

Install (safety-checked)

Weekly Downloads

90.6K

Version

2.3.0

License

Apache-2.0

Other Versions

2.4.2

2.4.1

2.4.0

Last Scanned

3 days ago

Trust Score

85/100·Legitimacy signals, not safety

Confirmed Threats (1)

malicious install scriptsconfirmed

Location: package.json:36

Confidence: 95%

"postinstall": "npm install -g openclaw@latest"

Confirmed threats have been validated by human review and represent real risks.

Install Scripts

This package has install scripts that run automatically:

postinstall

Capabilities

No special capabilities detected