The Hacker News

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.

AI coding assistant Cline compromised to create more OpenClaw chaos

Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack ...
Dark Reading

Supply Chain Attack Secretly Installs OpenClaw for Cline Users

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.
CSO Online

Compromised npm package silently installs OpenClaw on developer machines

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.