Uncovering Security Threats and Architecting Defenses in Autonomous Agents: A Case Study of OpenClaw

TL;DR

This paper analyzes security vulnerabilities in autonomous AI agents like OpenClaw, proposing a new risk taxonomy and a comprehensive security architecture to mitigate threats such as prompt injection and supply chain attacks.

Contribution

It introduces a novel tri-layered risk taxonomy and the Full-Lifecycle Agent Security Architecture (FASA) to systematically address security flaws in autonomous agents.

Findings

Identification of critical vulnerabilities like prompt injection RCE and supply chain contamination.

Proposal of the FASA security architecture with zero-trust and dynamic verification principles.

Development of Project ClawGuard to implement and evaluate the proposed security framework.

Abstract

The rapid evolution of Large Language Models (LLMs) into autonomous, tool-calling agents has fundamentally altered the cybersecurity landscape. Frameworks like OpenClaw grant AI systems operating-system-level permissions and the autonomy to execute complex workflows. This level of access creates unprecedented security challenges. Consequently, traditional content-filtering defenses have become obsolete. This report presents a comprehensive security analysis of the OpenClaw ecosystem. We systematically investigate its current threat landscape, highlighting critical vulnerabilities such as prompt injection-driven Remote Code Execution (RCE), sequential tool attack chains, context amnesia, and supply chain contamination. To systematically contextualize these threats, we propose a novel tri-layered risk taxonomy for autonomous Agents, categorizing vulnerabilities across AI Cognitive, Software Execution, and Information System dimensions. To address these systemic architectural flaws, we introduce the Full-Lifecycle Agent Security Architecture (FASA). This theoretical defense blueprint advocates for zero-trust agentic execution, dynamic intent verification, and cross-layer reasoning-action correlation. Building on this framework, we present Project ClawGuard, our ongoing engineering initiative. This project aims to implement the FASA paradigm and transition autonomous agents from high-risk experimental utilities into trustworthy systems. Our code and dataset are available at https://github.com/NY1024/ClawGuard.