Skip to content

Let's Data ScienceLEARN • BUILD • STAY AHEAD

News
Blog
Code Problems
Pricing
Contact

© 2026 Let's Data Science

Advertise|Terms|Privacy||Image Rights

NewsCline CLI Installs OpenClaw Through Compromised Token

Industry Newssupply chainprompt injectionnpmopenclaw

Cline CLI Installs OpenClaw Through Compromised Token

|February 20, 2026

9.1

Relevance Score

Cline CLI Installs OpenClaw Through Compromised Token — Photo: blogger.googleusercontent.com · rights & takedowns

On February 17, 2026, Cline maintainers disclosed that a compromised npm publish token was used to publish [email protected], adding a postinstall script that silently installed OpenClaw on developer machines. Approximately 4,000 downloads occurred during an eight-hour window; maintainers released v2.4.0, deprecated 2.3.0, revoked the token and enabled OIDC. Researchers link the breach to a prompt-injection and cache-poisoning chain called Clinejection.

Scoring Rationale

High immediacy and credible sources drive score; limited by low observed malicious behavior and contained download window.

Newsletter·Weekly · Free

Weekly AI News

A 5-minute Monday brief on AI & data science. Curated, no fluff.

Email address

No spam. Privacy.

Practice interview problems based on real data

1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.

Try 250 free problems

More AI & Data Science News

Grok Sees Minimal Adoption in US Government Records

Grok Sees Minimal Adoption in US Government Records

Cohere Releases Command A+ as Open Source

Cohere Releases Command A+ as Open Source

SN9 Deploys IOTA for Distributed Large-Scale Model Training

SN9 Deploys IOTA for Distributed Large-Scale Model Training

Global Mofy AI Stock Plummets After Discounted Offering

Global Mofy AI Stock Plummets After Discounted Offering

Back to News Feed

News on Let's Data Science is compiled from multiple public sources with editorial oversight. See our Editorial Standards and Corrections Policy.