ClawTrap: A MITM-Based Red-Teaming Framework for Real-World OpenClaw Security Evaluation
Haochen Zhao, Shaoyang Cui
TL;DR
ClawTrap is a versatile MITM-based red-teaming framework designed to evaluate the security of OpenClaw web agents in real-world network conditions, revealing vulnerabilities and model robustness differences.
Contribution
The paper introduces ClawTrap, a novel, customizable MITM attack framework for practical security testing of OpenClaw agents in live network environments.
Findings
Weaker models trust tampered observations more, leading to unsafe outputs.
Stronger models better attribute anomalies and fallback safely.
Real-world MITM testing reveals security gaps not seen in static benchmarks.
Abstract
Autonomous web agents such as \textbf{OpenClaw} are rapidly moving into high-impact real-world workflows, but their security robustness under live network threats remains insufficiently evaluated. Existing benchmarks mainly focus on static sandbox settings and content-level prompt attacks, which leaves a practical gap for network-layer security testing. In this paper, we present \textbf{ClawTrap}, a \textbf{MITM-based red-teaming framework for real-world OpenClaw security evaluation}. ClawTrap supports diverse and customizable attack forms, including \textit{Static HTML Replacement}, \textit{Iframe Popup Injection}, and \textit{Dynamic Content Modification}, and provides a reproducible pipeline for rule-driven interception, transformation, and auditing. This design lays the foundation for future research to construct richer, customizable MITM attacks and to perform systematic security…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsWeb Application Security Vulnerabilities · Information and Cyber Security · Spam and Phishing Detection