The paper systematically evaluates six OpenClaw-series AI agent frameworks, demonstrating that these agentized systems possess significant security vulnerabilities that are distinct from and more severe than the underlying language models alone.
Tool-augmented AI agents substantially extend the practical capabilities of large language models, but they also introduce security risks that cannot be identified through model-only evaluation. In this paper, we present a systematic security assessment of six representative OpenClaw-series agent frameworks, namely OpenClaw, AutoClaw, QClaw, KimiClaw, MaxClaw, and ArkClaw, under multiple backbone models. To support this study, we construct a benchmark of 205 test cases covering representative attack behaviors across the full agent execution lifecycle, enabling unified evaluation of risk exposure at both the framework and model levels. Our results show that all evaluated agents exhibit substantial security vulnerabilities, and that agentized systems are significantly riskier than their underlying models used in isolation. In particular, reconnaissance and discovery behaviors emerge as the most common weaknesses, while different frameworks expose distinct high-risk profiles, including credential leakage, lateral movement, privilege escalation, and resource development. These findings indicate that the security of modern agent systems is shaped not only by the safety properties of the backbone model, but also by the coupling among model capability, tool use, multi-step planning, and runtime orchestration. We further show that once an agent is granted execution capability and persistent runtime context, weaknesses arising in early stages can be amplified into concrete system-level failures. Overall, our study highlights the need to move beyond prompt-level safeguards toward lifecycle-wide security governance for intelligent agent frameworks.