Industry News | Tags: supply chain, prompt injection, npm, openclaw

Cline CLI Installs OpenClaw Through Compromised Token

By LDS Team
Relevance Score: 9.1

On February 17, 2026, Cline maintainers disclosed that a compromised npm publish token had been used to publish version 2.3.0 of the Cline CLI with a postinstall script that silently installed OpenClaw on developer machines. Approximately 4,000 downloads occurred during an eight-hour window before the maintainers released v2.4.0, deprecated 2.3.0, revoked the token and enabled OIDC publishing. Researchers link the breach to a prompt-injection and GitHub Actions cache-poisoning chain called Clinejection.
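As an added example (not code from the report or the Cline project), a small dependency audit of the kind a team would run after this disclosure: it flags a lockfile entry pinned to a known-bad version and lists the lifecycle hooks in a package's package.json that npm runs at install time. It assumes the npm package name `cline` and uses constructed lockfile and package.json samples.

```python
"""Audit an npm dependency tree for a deprecated package version and for
install-time lifecycle scripts, the delivery mechanism used in the Cline CLI 2.3.0 incident."""
import json

# Constructed sample: a lockfileVersion 3 package-lock.json "packages" map.
SAMPLE_LOCK = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/cline": {"version": "2.3.0", "hasInstallScript": True},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})

# Constructed sample: the package.json of the installed dependency (script name is hypothetical).
SAMPLE_PKG_JSON = json.dumps({
    "name": "cline",
    "version": "2.3.0",
    "scripts": {"postinstall": "node scripts/setup.js", "test": "jest"},
})

# Hooks npm runs automatically during installation of a dependency.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def find_affected(lock_text, package_name, bad_versions):
    """Return (lockfile path, version, has_install_script) for every copy of
    package_name, nested or top-level, whose version is in bad_versions."""
    lock = json.loads(lock_text)
    hits = []
    for path, meta in lock.get("packages", {}).items():
        # The last "node_modules/" segment is the package name, also for nested copies.
        if path.split("node_modules/")[-1] == package_name and meta.get("version") in bad_versions:
            hits.append((path, meta["version"], bool(meta.get("hasInstallScript"))))
    return hits


def install_hooks(pkg_json_text):
    """Return only the scripts a package.json would run at install time."""
    scripts = json.loads(pkg_json_text).get("scripts", {})
    return {name: cmd for name, cmd in scripts.items() if name in LIFECYCLE_HOOKS}


if __name__ == "__main__":
    print(find_affected(SAMPLE_LOCK, "cline", {"2.3.0"}))
    print(install_hooks(SAMPLE_PKG_JSON))
```

Running installs with `npm ci --ignore-scripts` in CI and reviewing flagged hooks before enabling them is the corresponding preventive control.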

Key Points

  1. Cline CLI v2.3.0, published on Feb 17, 2026, installed OpenClaw on developer machines via a postinstall script.
  2. Reveals a prompt-injection and GitHub Actions cache-poisoning chain (Clinejection) that enabled theft of npm publish tokens.
  3. Urges maintainers to adopt OIDC publishing, revoke tokens, and govern AI agents as privileged actors.

Scoring Rationale

High immediacy and credible sources drive the score; it is limited by the low observed malicious behavior and the contained download window.
