Cline Supply Chain Attack: Cline 2.3.0 Silently Installs OpenClaw (opens in new tab)

cline@2.3.0 was published with a malicious post-install script that silently installs OpenClaw on any machine running npm install.