Your Agent, Their Asset: A Real-World Safety Analysis of OpenClaw
Zijun Wang, Haoqin Tu, Letian Zhang, Hardy Chen, Juncheng Wu +9 more
Abstract
OpenClaw, the most widely deployed personal AI agent in early 2026, operates with full local system access and integrates with sensitive services such as Gmail, Stripe, and the filesystem. While these broad privileges enable high levels of automation and powerful personalization, they also expose a substantial attack surface that existing sandboxed evaluations fail to capture. To address this gap, we present the firs...
Results & Benchmarks
| Task | Dataset | Metric | Value |
|---|---|---|---|
| Agentic tool use | Sonnet 4.5 | Capability. | 88.5 |
| Agentic tool use | Gemini 3.1 Pro | Capability. | 71.5 |
| Agentic tool use | GPT-5.4 | Capability. | 57.7 |
Hardware Requirements
- Expect multi-day setup/compute for meaningful reproduction based on current guidance.
Best Implementation
Maintained implementation evidence is not confirmed for this paper yet.
Use the Implementation Status and Reproduction Path sections below for the current action plan.
Reproduction Path
Follow this baseline workflow to decide if this paper is worth immediate prototyping.
- 1
No maintained paper-verified implementation was found; start with the closest related repositories below.
- 2
Compare repo methods against the paper equations/algorithm before trusting metrics.
- 3
Create a minimal baseline implementation from the paper and use adjacent repos as references.
Related Implementations
These are not paper-verified. Use them as reference points when no direct implementation is available.
Matched via arXiv identifier search
Additional Implementations
No additional verified repositories beyond the primary recommendation.
Hugging Face Artifacts
No trustworthy direct or curated related Hugging Face artifacts were found yet.
Continue with targeted Hugging Face searches: