That’s not the issue, the issue is that people are using their subscriptions (intended only for use with Anthropic products) with non-Anthropic products and this is simply Anthropic enforcing their ToS.

Good point. When it comes to npm Trojans you’re probably more likely to find them in dumb and boring deps like Lpad.

That's table stakes. LLMs are not like traditional software for fundamental reasons, and cannot be fully secured without destroying all value they provide.

Once again, despite everyone's protestations about not anthropomorphising things, LLMs are, to first approximation, best seen as little people on a chip. So with that in mind, it should be obvious why enterprise would prefer dealing with Anthropic's official products than OpenClaw - it's similar to contracting a team of software engineers from another well-known corporation and giving them keys to the castle, vs. inviting in any randos that show up at the door on any given day and can pass FizzBuzz test. Even if, in both cases, these turned out to be the same people, having an organizational/legal-level relationship changes the expectations and trust levels involved.