Cline's postmortem seems to have a lot of relevant facts:

https://cline.bot/blog/post-mortem-unauthorized-cline-cli-np...

Though, whether OpenClaw should be considered a "benign payload" or a trojan horse of some sort seems like a matter of perspective.