Information security
fromInfoWorld
7 hours agoCompromised npm package silently installs OpenClaw on developer machines
A compromised npm token caused the Cline CLI to install OpenClaw via a malicious postinstall script, exposing users to an agent with broad system access.