AI coding assistant Cline compromised, installs OpenClaw

A recent security breach involving the open-source AI coding assistant Cline has led to the unauthorized installation of OpenClaw on developers' machines. This incident, which took place on February 20, 2026, saw an attacker exploit a compromised token to publish a malicious update to the Cline CLI npm package. As a result, over 4,000 developers unknowingly had OpenClaw integrated into their workflows, raising concerns about the implications of such AI automation in software development.

The attack highlights vulnerabilities in agent workflows and the importance of securing API access within developer tooling. As companies increasingly rely on integrations and SDKs for efficiency, incidents like this serve as a reminder to maintain vigilance against supply chain attacks. OpenClaw's unexpected presence in the Cline package underscores the need for regular model updates and stringent rate limits to protect developers from similar threats in the future.