Defensible Design for OpenClaw: Securing Autonomous Tool-Invoking Agents

Computer Science > Cryptography and Security [Submitted on 13 Mar 2026] Defensible Design for OpenClaw: Securing Autonomous Tool-Invoking Agents Zongwei Li, Wenkai Li, Xiaoqi Li OpenClaw-like agents offer substantial productivity benefits, yet they are insecure by default because they combine untrusted inputs, autonomous action, extensibility, and privileged system access within a single execution loop. We use OpenClaw as an exemplar of a broader class of agents that interact with interfaces, manipulate files, invoke tools, and install extensions in real operating environments. Consequently, their security should be treated as a software engineering problem rather than as a product-specific concern. To address these architectural vulnerabilities, we propose a blueprint for defensible design. We present a risk taxonomy, secure engineering principles, and a practical research agenda to institutionalize safety in agent construction. Our goal is to transition the community focus from isolated vulnerability patching toward systematic defensive engineering and robust deployment practices. Subjects: Cryptography and Security (cs.CR) Cite as: arXiv:2603.13151 [cs.CR]   (or arXiv:2603.13151v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2603.13151 Focus to learn more Submission history From: Zongwei Li [view email] [v1] Fri, 13 Mar 2026 16:41:11 UTC (43 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-03 Change to browse by: cs References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)