AI coding assistant Cline compromised to create more OpenClaw chaos
The Register
February 20, 2026
AI-Generated Deep Dive Summary
A recent supply chain attack compromised the open-source AI coding assistant Cline CLI's npm package, leading to the unauthorized installation of OpenClaw—a controversial AI agent platform—on developers' machines. The incident occurred on February 17 when an "unauthorized party" exploited a compromised token to publish a malicious update (version 2.3.0) to the Cline CLI registry. During an approximately eight-hour window, this update secretly installed OpenClaw globally on users' systems. While OpenClaw itself is a legitimate project, its installation without developers' consent raised significant security concerns.
Cline's maintainers issued a security advisory, revealing that anyone who installed cline@2.3.0 during the affected timeframe would have Open
Verticals
tech
Originally published on The Register on 2/20/2026