Compromised npm Token Triggers Malicious Cline CLI Update, Silently Installing AI Agent on Developer Machines
A compromised npm token pushes a malicious Cline CLI update that silently installs the AI agent OpenClaw on developer machines, remaining live for eight hours and exposing users to serious supply chain and agentic AI risks — developers are urged to update to Cline version 2.4.0 immediately.