{"data":{"id":"11eceb5e-c302-4e31-b682-dea903d5271f","title":"Compromised npm package silently installs OpenClaw on developer machines","summary":"A compromised npm publish token (a credential that allows someone to upload code to a package repository) was used to push a malicious update to the Cline CLI (command-line tool), which secretly installed OpenClaw, an AI agent with broad system access, on developers' machines without their knowledge. The malicious package sat on the registry for eight hours before being removed, and OpenClaw itself has a history of security vulnerabilities including prompt injection attacks (tricking an AI by hiding instructions in its input) and authentication bypasses.","solution":"For developers who installed or updated Cline CLI during the compromised window on February 17, Socket advises: (1) Update to the latest version by running 'npm install -g cline@latest'; (2) If on version 2.3.0, update to 2.4.0 or higher; (3) Check for and immediately remove OpenClaw if it wasn't intentionally installed.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4135449/compromised-npm-package-silently-installs-openclaw-on-developer-machines.html","publishedAt":"2026-02-21T02:52:03.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Cline","OpenClaw"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}