
Cline CLI npm Package Compromised via Suspected Cache Poisoning Attack

Blog post from Socket

Post Details

Company: Socket
Author: Sarah Gooding
Word Count: 1,079
Language: English

Summary

On February 17, 2026, a compromised npm publish token was used to push a malicious version of cline, a popular AI coding agent CLI, to the npm registry. The malicious version included a postinstall script that globally installed openclaw, a legitimate but significant AI assistant project, without user consent. Though openclaw is not inherently malicious, its broad system access and integrations with various messaging platforms posed a security risk. The unauthorized publish resulted from a suspected cache poisoning attack, in which a GitHub Actions workflow allowed arbitrary command execution through a prompt injection attack. Security researcher Adnan Khan had previously reported the vulnerability to Cline, but it was not addressed until after public disclosure. Although the malicious publish was quickly deprecated, the incident highlighted the importance of timely responses to security reports and the potential risks of AI-powered workflows with broad access.