According to a GitHub Security Advisory, StepSecurity’s npm monitoring system flagged a suspicious release of cline@2.3.0 on 17 February 2026 at 11:40 UTC, published by the user account clinebotorg with a malicious post-install script. Version 2.3.0 of the cline CLI silently installs a secondary package, openclaw, on any machine that runs npm install cline, by performing a global installation with npm install -g openclaw@latest.
About 4,000 downloads occurred before maintainers deprecated the package roughly eight hours after its release. The incident was independently discovered by Adnan Khan, who was credited as the reporter on GitHub Security Advisory GHSA-9ppg-jx86-fqw7. StepSecurity notes that legitimate releases of cline previously used GitHub Actions with OIDC-based trusted publishing, and that 2.3.0 lacked these provenance attestations, a strong indicator of a compromised publish. The post highlights remediation steps for affected users and points to StepSecurity’s Threat Center and Artifact Monitor for ongoing detection and containment.
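
The two signals described above (a release with no provenance attestation after attested ones, and a lifecycle script that installs another package globally) can be checked against npm registry metadata. The following is an added example, not code from StepSecurity or the cline project; it assumes the registry packument fields dist.attestations, scripts, _npmUser and time, and the sample packument, including the earlier placeholder release and its publisher name, is constructed.

```javascript
// Added example (not StepSecurity's or the cline project's code).
// SAMPLE_PACKUMENT is constructed; the earlier release is a placeholder.
const SAMPLE_PACKUMENT = {
  name: "cline",
  time: {
    "0.0.1-constructed": "2026-01-01T00:00:00Z", // constructed date
    "2.3.0": "2026-02-17T11:40:00Z",
  },
  versions: {
    "0.0.1-constructed": {
      _npmUser: { name: "placeholder-ci-publisher" },
      scripts: {},
      dist: { attestations: { provenance: { predicateType: "https://slsa.dev/provenance/v1" } } },
    },
    "2.3.0": {
      _npmUser: { name: "clinebotorg" },
      scripts: { postinstall: "npm install -g openclaw@latest" },
      dist: {}, // no attestations recorded for this release
    },
  },
};

const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall"];
// npm install|i|add with -g/--global, flag before or after the subcommand.
const GLOBAL_INSTALL =
  /\bnpm\s+(?:(?:install|i|add)\b.*\s(?:-g|--global)\b|(?:-g|--global)\s+(?:install|i|add)\b)/;

// Walk releases in publish order; report provenance regressions and global-install hooks.
function auditPackument(packument) {
  const order = Object.keys(packument.versions).sort(
    (a, b) => new Date(packument.time[a]) - new Date(packument.time[b])
  );
  const findings = [];
  let provenanceSeen = false;
  for (const version of order) {
    const meta = packument.versions[version];
    const reasons = [];
    const hasProvenance = Boolean(meta.dist?.attestations?.provenance);
    if (provenanceSeen && !hasProvenance) reasons.push("provenance-missing-after-attested-release");
    provenanceSeen = provenanceSeen || hasProvenance;
    for (const hook of LIFECYCLE_HOOKS) {
      const cmd = meta.scripts?.[hook];
      if (cmd && GLOBAL_INSTALL.test(cmd)) reasons.push(`${hook}-runs-global-npm-install`);
    }
    if (reasons.length) findings.push({ version, publisher: meta._npmUser?.name ?? null, reasons });
  }
  return findings;
}
console.log(JSON.stringify(auditPackument(SAMPLE_PACKUMENT), null, 2));
```

To audit a real package, pass the JSON document served for it by the npm registry to auditPackument in place of the constructed sample.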