Defensible Design for OpenClaw: Securing Autonomous Tool-Invoking Agents
This addresses security risks for developers and users of autonomous agents, but it is incremental as it builds on existing software engineering concepts.
The paper tackles the security vulnerabilities in autonomous tool-invoking agents like OpenClaw, which combine untrusted inputs and privileged access, by proposing a defensible design blueprint with a risk taxonomy and secure engineering principles to shift focus from patching to systematic safety.
OpenClaw-like agents offer substantial productivity benefits, yet they are insecure by default because they combine untrusted inputs, autonomous action, extensibility, and privileged system access within a single execution loop. We use OpenClaw as an exemplar of a broader class of agents that interact with interfaces, manipulate files, invoke tools, and install extensions in real operating environments. Consequently, their security should be treated as a software engineering problem rather than as a product-specific concern. To address these architectural vulnerabilities, we propose a blueprint for defensible design. We present a risk taxonomy, secure engineering principles, and a practical research agenda to institutionalize safety in agent construction. Our goal is to transition the community focus from isolated vulnerability patching toward systematic defensive engineering and robust deployment practices.