Defensible Design for OpenClaw: Securing Autonomous Tool-Invoking Agents
2026-03-13 • Cryptography and Security
AI summary
The authors discuss that OpenClaw-like agents, which automate tasks and can access important parts of a computer, often have security risks because they mix untrusted inputs with powerful system access. They suggest that these security issues should be handled like software engineering problems, not just fixed case-by-case. The authors propose a new design approach including risk categories and engineering principles to build safer agents. Their aim is to help the community focus on building security into agents from the start rather than just patching problems as they arise.
OpenClaw, software agents, software security, risk taxonomy, secure software design, software engineering, autonomous agents, system access, extension security, security blueprint
Authors
Zongwei Li, Wenkai Li, Xiaoqi Li
Abstract
OpenClaw-like agents offer substantial productivity benefits, yet they are insecure by default because they combine untrusted inputs, autonomous action, extensibility, and privileged system access within a single execution loop. We use OpenClaw as an exemplar of a broader class of agents that interact with interfaces, manipulate files, invoke tools, and install extensions in real operating environments. Consequently, their security should be treated as a software engineering problem rather than as a product-specific concern. To address these architectural vulnerabilities, we propose a blueprint for defensible design. We present a risk taxonomy, secure engineering principles, and a practical research agenda to institutionalize safety in agent construction. Our goal is to transition the community focus from isolated vulnerability patching toward systematic defensive engineering and robust deployment practices.