Understanding and Evaluating Claw-like Agent Security Through a Computer-Systems Lens

· Source: Artificial Intelligence · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Robotics & Autonomous Systems · Depth: Expert, quick

Summary

Claw-like AI agents, such as OpenClaw, are always-on processes with persistent access to system resources, making their security failures critical. Existing benchmarks overlook cross-component failure modes. This work adopts a computer-system analogy, viewing agents as systems with an OS-like gateway runtime, Skills as applications, and Plugins as loadable extensions, each lacking classical protection mechanisms. To address this, SafeClawArena, a benchmark of 406 adversarial tasks, was developed. It covers four attack surfaces: Skill Supply-Chain Integrity, Persistent State Exploitation, Cross-Boundary Data Flow, and Indirect Prompt Injection. Executed in containerized replicas of real agent platforms with automated taint tracking, the benchmark evaluated three platforms (OpenClaw, NemoClaw, SeClaw) and five frontier LLMs. Results show attack success rates up to 70%, with malicious Plugins achieving 100% success regardless of the LLM. SeClaw reduced GPT-5.4's attack success rate from 70% to 22%, partly due to utility-security tradeoffs, while Claude-Opus-4.6 maintained a near 22% floor. These findings highlight current defense inadequacies.

Key takeaway

For AI Security Engineers deploying Claw-like agents, you must recognize that current platforms and LLMs exhibit severe security vulnerabilities, with malicious plugins achieving 100% attack success. You should prioritize implementing robust, OS-like protection mechanisms for agent components, especially for Skills and Plugins. Evaluate your chosen agent platforms using benchmarks like SafeClawArena to identify specific weaknesses and inform your hardening strategies, rather than relying solely on LLM capabilities.

Key insights

Claw-like AI agents, lacking traditional OS-level security, are highly vulnerable to various attacks, demanding new defense paradigms.

Principles

Method

SafeClawArena benchmarks agent security using 406 adversarial tasks across four attack surfaces, executed in containerized platforms with taint tracking for evaluation.

In practice

Topics

Code references

Best for: CTO, AI Architect, VP of Engineering/Data, AI Security Engineer, AI Scientist, AI Engineer

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.