Unauthorized Update of Cline CLI Installs Unwanted Software
GHSA-9ppg-jx86-fqw7
Summary
An unauthorized person published a modified version of the Cline CLI on the npm registry, which installs an unrelated package called openclaw when installed. This happened between February 17, 3:26 AM PT and 11:30 AM PT. If you installed the Cline CLI during this time, you should update to the latest version to remove the unwanted software.
What to do
- Update GitHub Actions cline to version 2.4.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| GitHub Actions | cline | 2.3.0 | 2.4.0 |
Original title
Unauthorized npm publish of cline@2.3.0 with modified postinstall script
Original description
### Description
On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: cline@2.3.0. The published package contains a modified package.json with an added postinstall script:
`"postinstall": "npm install -g openclaw@latest"`
This causes openclaw (an unrelated, non-malicious open source package) to be globally installed when cline@2.3.0 is installed. No other files were modified -- the CLI binary (dist/cli.mjs) and all other package contents are identical to the legitimate [email protected] release.
A corrected version (2.4.0) was published at 11:23 AM PT and 2.3.0 was deprecated at 11:30 AM PT. The compromised token has been revoked and npm publishing now uses OIDC provenance via GitHub Actions.
### Impact
Users who installed Cline CLI cline@2.3.0 during the approximately 8-hour window between 3:26 AM PT and 11:30 AM PT on February 17 will have openclaw globally installed. The openclaw package is a legitimate open source project and is not malicious, but its installation was not authorized or intended.
The Cline VS Code extension and JetBrains plugin were not affected. This advisory applies only to the Cline CLI package published on npm.
### Patches
Versions 2.4.0 and higher are fixed.
### Workarounds
If you installed Cline CLI cline@2.3.0:
1. Update to the latest version of the Cline CLI
`cline update` or `npm install -g cline@latest`
2. Verify that you have a fixed version (2.4.0 or higher)
`cline --version`
3. Review your environment for any unexpected installation of OpenClaw and remove it if not intended
`npm uninstall -g openclaw`
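The steps above check the version by hand; the following added example (not code from the advisory or the Cline project) does the same audit programmatically against a package.json object: it reports whether the version is the affected 2.3.0 release or at least the fixed 2.4.0 release, and lists any install-time lifecycle hook that spawns a package-manager install of another package, which is exactly the shape of the injected `postinstall` line. The `compromisedSample` object is constructed here to mirror the advisory's description.

```javascript
// Added example, not the advisory's or the project's own code.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall"];
const AFFECTED = "2.3.0"; // affected release named in the advisory
const FIXED = "2.4.0";    // first fixed release named in the advisory

// Compare dotted numeric versions: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return install-time hooks whose command runs a package-manager install,
// something a plain CLI package has no legitimate reason to do on install.
function findInstallHooks(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  const pattern = /\b(npm|npx|yarn|pnpm)\b.*\b(install|add|i)\b/;
  return LIFECYCLE_HOOKS
    .filter((name) => typeof scripts[name] === "string" && pattern.test(scripts[name]))
    .map((name) => ({ hook: name, command: scripts[name] }));
}

// Summarise the state of an installed cline package.json object.
function assessClinePackage(pkg) {
  const version = String(pkg.version || "0.0.0");
  return {
    version,
    isAffectedRelease: version === AFFECTED,
    isFixed: compareVersions(version, FIXED) >= 0,
    installHooks: findInstallHooks(pkg),
  };
}

// Constructed sample matching the advisory's description of the modified package.json.
const compromisedSample = {
  name: "cline",
  version: "2.3.0",
  scripts: { postinstall: "npm install -g openclaw@latest" },
};

console.log(JSON.stringify(assessClinePackage(compromisedSample), null, 2));
```

To run it against a real installation, parse `$(npm root -g)/cline/package.json` and pass the resulting object to `assessClinePackage`; a result with `isAffectedRelease: true` or a non-empty `installHooks` list calls for the update and the `openclaw` check described in the steps above.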
Published: 19 Feb 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026