Last week, a new AI agent framework was introduced to automate "live". It targets office work in particular, focusing on messaging and interacting with systems. The tool has gone viral not so much because of its features, which are similar to those of other agent frameworks, but because of a stream of security oversights in its design.
If you are looking to detect the use of OpenClaw in your environment, Knostic has created scripts to detect it and, if you do want to use OpenClaw, to collect telemetry about its use.
This script searches the system for filenames commonly associated with OpenClaw. For example, it checks for the presence of the state directory ~/.openclaw or for a Docker container running openclaw. If you have decent endpoint monitoring, this tool may not be needed, but it can give you some hints on which files to look for.
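A minimal sweep for the two indicators named above, as an added example (this is not Knostic's script). The function names, the home-directory roots /home, /Users and /root, and the "ID IMAGE NAME" line layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: look for the OpenClaw state directory and for running
# Docker containers that mention openclaw. Names and paths are assumptions.

# Print every .openclaw state directory found in the given locations.
# Each argument may be a home directory or a directory holding homes.
find_openclaw_state_dirs() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        for home in "$root" "$root"/*; do
            if [ -d "$home/.openclaw" ]; then
                printf '%s\n' "$home/.openclaw"
            fi
        done
    done
    return 0
}

# Filter "ID IMAGE NAME" lines read from stdin, keeping containers whose
# image or name mentions openclaw (case-insensitive).
match_openclaw_containers() {
    awk 'tolower($2) ~ /openclaw/ || tolower($3) ~ /openclaw/ { print $1, $2, $3 }'
}

# Run both checks on the local host and print one line per finding.
openclaw_scan() {
    dirs=$(find_openclaw_state_dirs /home /Users /root)
    containers=""
    if command -v docker >/dev/null 2>&1; then
        # A stopped or unreachable daemon simply yields no container lines.
        containers=$(docker ps --format '{{.ID}} {{.Image}} {{.Names}}' 2>/dev/null \
            | match_openclaw_containers)
    fi
    if [ -n "$dirs" ]; then
        printf '%s\n' "$dirs" | sed 's/^/state-dir: /'
    fi
    if [ -n "$containers" ]; then
        printf '%s\n' "$containers" | sed 's/^/container: /'
    fi
    if [ -z "$dirs$containers" ]; then
        echo "no OpenClaw indicators found"
    fi
    return 0
}

openclaw_scan
```

Run it as root so that other users' home directories are readable; a clean result only means these two indicators are absent.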
If you do run OpenClaw, openclaw-detect will add meaningful additional logging. The tool captures "every tool call, LLM request, and agent session — with built-in redaction, tamper-proof hash chains, syslog/SIEM forwarding, and rate limiting". It is an OpenClaw plugin and installs like any other OpenClaw plugin.
In addition, there are a few additional security tools and tips:
--
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu