
Supply Chain Attack Targets Cline npm Package Users with OpenClaw Malware
Cybersecurity, Supply Chain Attack, Malware, OpenClaw, Cline, npm, Unauthorized Code Execution, Data Compromise
A supply chain attack used a malicious release of the Cline npm package, version 2.3.0, which had been secretly modified to install OpenClaw malware. The compromised package was downloaded over 4,000 times before it was removed from the npm registry. The attack targeted users of the Cline package; the report provided no specific timeline or attribution details and mentioned no CVE IDs or additional technical indicators. The impact included potential unauthorized code execution or data compromise for affected users.