Post-mortem: Unauthorized Cline CLI npm publish on February 17, 2026

An unauthorized publication of the npm package [email protected] occurred due to a compromised token, which led to the unintended inclusion of a postinstall script installing the legitimate open source project openclaw without delivering any malicious code. This incident, which affected only the Cline CLI npm package and not the associated VS Code and JetBrains extensions, was resolved within approximately eight hours by releasing version 2.4.0 and revoking the compromised token. The vulnerability was traced to a prompt injection flaw in a GitHub Actions workflow designed for issue triage, which allowed attackers to execute arbitrary code due to misconfigured access permissions. Despite the benign nature of the payload, the incident highlighted the risk of AI-driven automation in CI/CD pipelines and prompted a comprehensive review of credential management and security practices. Security researcher Adnan Khan played a crucial role in identifying the vulnerability, leading to the removal of the flawed workflow, rotation of credentials, and implementation of OIDC provenance for npm publishing to prevent future occurrences.