npm · Malicious package advisory
Malware · cline
MAL-2026-1380
Malicious code in cline (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (38d7531f4d4af07fee607e1d2985d0ea5b41dbf28cca5bc16c8457934e372f86)
The package cline was found to contain malicious code.

## Source: google-open-source-security (ba9952611b2aa348b1b5cc0349d7b905e32d34effa53081994388c37d0d3462a)
An unauthorized party used a compromised npm publish token to publish v2.3.0 of the Cline CLI on npm. The compromise added a postinstall script that globally installed openclaw.
Compromised versions (1)
- 2.3.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.
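A triage check for the two indicators this advisory names, the compromised version in a lockfile and the globally installed openclaw package. It is an added example, not code from the advisory or from the Cline project. The function names and all sample inputs are constructed, and real inputs are assumed to be a parsed package-lock.json and the parsed output of `npm ls -g --json --depth=0`.

```javascript
// Added example, not from the advisory. Package name and version come from
// the advisory; function names and the sample data below are constructed.
const BAD = { name: "cline", version: "2.3.0" };
const DROPPED = "openclaw"; // package the postinstall script installed globally

// Return lockfile locations that resolve to the compromised version.
// Handles lockfileVersion 2/3 ("packages" map) and 1 (nested "dependencies").
function findCompromised(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // The package name is whatever follows the last "node_modules/".
      const name = path.split("node_modules/").pop();
      if (name === BAD.name && meta.version === BAD.version) hits.push(path);
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}/${name}`;
      if (name === BAD.name && meta.version === BAD.version) hits.push(here);
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Given parsed output of `npm ls -g --json --depth=0`, report whether the
// dropped package is present. It is an indicator to review, not proof:
// the package may have been installed deliberately.
function globalIndicator(globalTree) {
  const dep = (globalTree.dependencies || {})[DROPPED];
  return dep ? { name: DROPPED, version: dep.version ?? null } : null;
}

// Constructed sample inputs (versions other than 2.3.0 are placeholders).
const sampleLockV3 = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/cline": { version: "2.3.0" },
  "node_modules/@example/cline": { version: "2.3.0" }, // scoped name, not a match
  "node_modules/tool/node_modules/cline": { version: "2.2.9" } } };
const sampleLockV1 = { lockfileVersion: 1, dependencies: {
  tool: { version: "1.0.0", dependencies: { cline: { version: "2.3.0" } } } } };
const sampleGlobal = { dependencies: { npm: { version: "0.0.0" }, openclaw: { version: "0.0.0" } } };

console.log(findCompromised(sampleLockV3), findCompromised(sampleLockV1), globalIndicator(sampleGlobal));
```

A clean result narrows the search but does not clear a host: a lockfile regenerated after the install no longer records 2.3.0, so the check belongs on lockfiles and CI caches from the period in question.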