GHSA-9ppg-jx86-fqw7

Description

On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: cline@2.3.0. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g openclaw@latest" This causes openclaw (an unrelated, non-malicious open source package) to be globally installed when cline@2.3.0 is installed. No other files were modified -- the CLI binary (dist/cli.mjs) and all other package contents are identical to the legitimate cline@2.2.3 release. A corrected version (2.4.0) was published at 11:23 AM PT and 2.3.0 was deprecated at 11:30 AM PT. The compromised token has been revoked and npm publishing now uses OIDC provenance via GitHub Actions.

Impact

Users who installed Cline CLI cline@2.3.0 during the approximately 8-hour window between 3:26 AM PT and 11:30 AM PT on February 17 will have openclaw globally installed. The openclaw package is a legitimate open source project and is not malicious, but its installation was not authorized or intended.

The Cline VS Code extension and JetBrains plugin were not affected. This advisory applies only to the Cline CLI package published on npm.

Patches

Versions 2.4.0 and higher are fixed

Workarounds

If you installed Cline CLI cline@2.3.0: 1. Update to the latest version of the Cline CLI cline update or npm installl -g cline@latest 2. Verify that you have a fixed version (2.4.0 or higher) cline --version 3. Review your environment for any unexpected installation of OpenClaw and remove it if not intended npm uninstall -g openclaw