Compromised npm Token Triggers Malicious Cline CLI Update, Silently Installing AI Agent on Developer Machines

Feb 22, 2026
InfoWorld

Summary

A compromised npm publish token was used to push a malicious Cline CLI update that silently installed the AI agent OpenClaw on developer machines. The poisoned release stayed live on the registry for roughly eight hours and exposed users to serious supply-chain and agentic-AI risks; developers are urged to update to Cline version 2.4.0 immediately.

Key Points

  • A compromised npm publish token was used to push a malicious update for the widely used Cline CLI. The update silently installed the AI agent OpenClaw on developer machines via a postinstall script, and the release remained live on the registry for approximately eight hours.
  • OpenClaw, a free open-source autonomous AI agent with broad system access and deep integrations with platforms such as WhatsApp, Slack, and Teams, is not itself malicious, but its unauthorized installation poses serious risk because it can perform real-world actions on a user's behalf.
  • Security experts warn that this attack chains a supply-chain compromise with agentic-AI risk, and that EDR providers may have to classify OpenClaw as a potentially unwanted application or as malware. Developers are advised to update to Cline version 2.4.0 and remove any unintended OpenClaw installations.
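The delivery mechanism described above, a postinstall hook that pulls in a second package, is easy to audit for after the fact. The following is an added example, not code from the article, from Cline, or from OpenClaw: it walks a node_modules tree, lists every package that declares an install-time lifecycle script, and flags hooks that invoke another package manager or a downloader. The sample tree it builds is constructed for the example; the package names ("native-addon", "example-cli", "some-agent") are hypothetical and are not the real packages from this incident.

```python
"""Audit an npm node_modules tree for install-time lifecycle scripts.

Added example (not code from the article, Cline, or OpenClaw). Lists
every package under a node_modules tree that declares a preinstall /
install / postinstall / prepare hook and flags hooks that spawn another
installer or a downloader, which is the pattern worth a manual review.
Names and commands in the sample tree are constructed, not real.
"""
import json
import os
import re
import tempfile

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic: the hook shells out to a second package manager or fetches
# something from the network. Legitimate native builds (node-gyp) do not match.
NESTED_INSTALL_RE = re.compile(
    r"\b(npm\s+(i|install|exec)|npx|yarn\s+(add|dlx)|pnpm\s+(add|dlx)|curl|wget)\b"
)


def find_install_hooks(root):
    """Return [(name, version, hook, command)] for every package.json under
    `root` that declares an install-time lifecycle script."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as f:
                pkg = json.load(f)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash
        scripts = pkg.get("scripts") or {}
        for hook in LIFECYCLE_HOOKS:
            if hook in scripts:
                findings.append(
                    (pkg.get("name", dirpath), str(pkg.get("version", "")), hook, scripts[hook])
                )
    return findings


def spawns_installer(command):
    """True if a lifecycle command looks like it installs or downloads more code."""
    return bool(NESTED_INSTALL_RE.search(command))


def suspicious_hooks(root):
    """Only the hooks that match the nested-install heuristic."""
    return [f for f in find_install_hooks(root) if spawns_installer(f[3])]


def build_sample_tree():
    """Constructed node_modules: one benign native build hook, one package
    with no hooks, and one hook that installs a second package globally.
    All names are hypothetical."""
    root = tempfile.mkdtemp(prefix="nm-audit-")
    samples = {
        "native-addon": {"version": "1.0.0", "scripts": {"install": "node-gyp rebuild"}},
        "plain-lib": {"version": "2.0.0"},
        "example-cli": {"version": "9.9.9", "scripts": {"postinstall": "npm install -g some-agent"}},
    }
    for name, meta in samples.items():
        pkg_dir = os.path.join(root, "node_modules", name)
        os.makedirs(pkg_dir)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as f:
            json.dump({"name": name, **meta}, f)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for name, version, hook, cmd in find_install_hooks(root):
        flag = "SUSPECT" if spawns_installer(cmd) else "ok     "
        print(f"{flag} {name}@{version} {hook}: {cmd}")
```

Point `find_install_hooks` at a real project's `node_modules` (or at a global prefix from `npm root -g`) to get the same listing for installed packages. The heuristic is deliberately narrow; anything it flags still needs a human to read the script. As a preventive control, `npm config set ignore-scripts true` stops lifecycle scripts from running at all, with the caveat that it also breaks packages whose native build legitimately depends on an install hook.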
