SafeClaw-R: Towards Safe and Secure Multi-Agent Personal Assistants
Haoyu Wang, Zibo Xiao, Yedi Zhang, Christopher M. Poskitt, Jun Sun

TL;DR
SafeClaw-R is a framework that enforces safety and security in multi-agent personal assistants by mediating actions and augmenting skills, significantly reducing risks from LLM reasoning failures and prompt injections.
Contribution
It introduces SafeClaw-R, a system-level safety enforcement framework that systematically mediates actions and enhances skills in LLM-based multi-agent systems.
Findings
Achieves 95.2% accuracy in Google Workspace safety scenarios.
Detects 97.8% of malicious third-party skill patterns.
Attains 100% detection in adversarial code execution benchmarks.
Abstract
LLM-based multi-agent systems (MASs) are transforming personal productivity by autonomously executing complex, cross-platform tasks. Frameworks such as OpenClaw demonstrate the potential of locally deployed agents integrated with personal data and services, but this autonomy introduces significant safety and security risks. Unintended actions from LLM reasoning failures can cause irreversible harm, while prompt injection attacks may exfiltrate credentials or compromise the system. Our analysis shows that 36.4% of OpenClaw's built-in skills pose high or critical risks. Existing approaches, including static guardrails and LLM-as-a-Judge, lack reliable real-time enforcement and consistent authority in MAS settings. To address this, we propose SafeClaw-R, a framework that enforces safety as a system-level invariant over the execution graph by ensuring that actions are mediated prior to…
