Information security
fromInfoWorld
5 days agoCompromised npm package silently installs OpenClaw on developer machines
A compromised npm token caused the Cline CLI to install OpenClaw via a malicious postinstall script, exposing users to an agent with broad system access.