News
Cline CLI Compromised: Hijacked npm Package Silently Installed OpenClaw on Developer Machines
A compromised npm publishing token allowed an attacker to push a malicious version of the Cline CLI that silently installed OpenClaw via a postinstall script. The incident was caught and fixed within hours.