When Convenience Becomes Risk: A Semantic View of Under-Specification in Host-Acting Agents
This addresses a security risk for users and developers of host-acting agents, but it is incremental as it builds on existing concerns about agent safety.
The paper tackles the security problem of semantic under-specification in host-acting agents, where user goal specifications lack details, leading to risky execution plans; it develops a threat model, taxonomy, and defense principles based on a case study and analysis.
Host-acting agents promise a convenient interaction model in which users specify goals and the system determines how to realize them. We argue that this convenience introduces a distinct security problem: semantic under-specification in goal specification. User instructions are typically goal-oriented, yet they often leave process constraints, safety boundaries, persistence, and exposure insufficiently specified. As a result, the agent must complete missing execution semantics before acting, and this completion can produce risky host-side plans even when the user-stated goal is benign. In this paper, we develop a semantic threat model, present a taxonomy of semantic-induced risky completion patterns, and study the phenomenon through an OpenClaw-centered case study and execution-trace analysis. We further derive defense design principles for making execution boundaries explicit and constraining risky completion. These findings suggest that securing host-acting agents requires governing not only which actions are allowed at execution time, but also how goal-only instructions are translated into executable plans.