{"id":"https://openalex.org/W7140874653","doi":"https://doi.org/10.48550/arxiv.2603.24414","title":"ClawKeeper: Comprehensive Safety Protection for OpenClaw Agents Through Skills, Plugins, and Watchers","display_name":"ClawKeeper: Comprehensive Safety Protection for OpenClaw Agents Through Skills, Plugins, and Watchers","publication_year":2026,"publication_date":"2026-03-25","ids":{"openalex":"https://openalex.org/W7140874653","doi":"https://doi.org/10.48550/arxiv.2603.24414"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.24414","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.24414","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.24414","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5122097570","display_name":"Songyang Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Songyang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130652111","display_name":"Chaozhuo Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Chaozhuo","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130647582","display_name":"Chenxu Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Chenxu","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125630689","display_name":"Jinyu Hou","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hou, Jinyu","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130689900","display_name":"Zejian Chen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, Zejian","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130713400","display_name":"Litian Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Litian","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130631783","display_name":"Zheng Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Zheng","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130651307","display_name":"Qiwei Ye","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ye, Qiwei","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041411239","display_name":"Yiming Hei","orcid":"https://orcid.org/0000-0003-0794-9932"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hei, Yiming","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130648008","display_name":"Xi Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Xi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5130703474","display_name":"Zhongyuan Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Zhongyuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":11,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8567000031471252,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8567000031471252,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.021700000390410423,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.019600000232458115,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.4652000069618225},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.39590001106262207},{"id":"https://openalex.org/keywords/autonomous-agent","display_name":"Autonomous agent","score":0.3887999951839447},{"id":"https://openalex.org/keywords/middleware","display_name":"Middleware (distributed applications)","score":0.36230000853538513},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.33480000495910645},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.3343000113964081},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.33059999346733093},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.3230000138282776},{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.3192000091075897}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7184000015258789},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6230000257492065},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.4652000069618225},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.39590001106262207},{"id":"https://openalex.org/C13687954","wikidata":"https://www.wikidata.org/wiki/Q4826847","display_name":"Autonomous agent","level":2,"score":0.3887999951839447},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3822999894618988},{"id":"https://openalex.org/C169468491","wikidata":"https://www.wikidata.org/wiki/Q146923","display_name":"Middleware (distributed applications)","level":2,"score":0.36230000853538513},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.33480000495910645},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.3343000113964081},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.33059999346733093},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.3230000138282776},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.3192000091075897},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.31040000915527344},{"id":"https://openalex.org/C100776233","wikidata":"https://www.wikidata.org/wiki/Q2532492","display_name":"Bridge (graph theory)","level":2,"score":0.30869999527931213},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.30390000343322754},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.3012000024318695},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.28859999775886536},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.2833999991416931},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.28029999136924744},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.2624000012874603},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.26179999113082886},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.25769999623298645},{"id":"https://openalex.org/C74072328","wikidata":"https://www.wikidata.org/wiki/Q1142726","display_name":"Intelligent agent","level":2,"score":0.2574000060558319},{"id":"https://openalex.org/C20136886","wikidata":"https://www.wikidata.org/wiki/Q749647","display_name":"Interoperability","level":2,"score":0.2533000111579895},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.2508000135421753}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.24414","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.24414","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.24414","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.24414","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"OpenClaw":[0,58],"has":[1],"rapidly":[2],"established":[3],"itself":[4],"as":[5,42,125,175,194],"a":[6,83,148,195],"leading":[7],"open-source":[8],"autonomous":[9,202],"agent":[10,69,112,157,203],"runtime,":[11],"offering":[12],"powerful":[13],"capabilities":[14],"including":[15],"tool":[16],"integration,":[17],"local":[18],"file":[19],"access,":[20],"and":[21,48,118,136,207,213],"shell":[22],"command":[23],"execution.":[24,52],"However,":[25],"these":[26],"broad":[27],"operational":[28],"privileges":[29],"introduce":[30],"critical":[31],"security":[32,54,85,107,152],"vulnerabilities,":[33],"transforming":[34],"model":[35],"errors":[36],"into":[37,110],"tangible":[38],"system-level":[39,151],"threats":[40],"such":[41,174],"sensitive":[43],"data":[44],"leakage,":[45],"privilege":[46],"escalation,":[47],"malicious":[49],"third-party":[50],"skill":[51],"Existing":[53],"measures":[55],"for":[56,199],"the":[57,68,102,111,141,168,211],"ecosystem":[59],"remain":[60],"highly":[61],"fragmented,":[62],"addressing":[63],"only":[64],"isolated":[65],"stages":[66],"of":[67,215],"lifecycle":[70],"rather":[71],"than":[72],"providing":[73,130],"holistic":[74],"protection.":[75],"To":[76],"bridge":[77],"this":[78,186],"gap,":[79],"we":[80],"present":[81],"ClawKeeper,":[82],"real-time":[84,162],"framework":[86],"that":[87,154,185],"integrates":[88],"multi-dimensional":[89],"protection":[90],"mechanisms":[91],"across":[92,217],"three":[93],"complementary":[94],"architectural":[95],"layers.":[96],"(1)":[97],"\\textbf{Skill-based":[98],"protection}":[99,123,146],"operates":[100],"at":[101],"instruction":[103],"level,":[104],"injecting":[105],"structured":[106],"policies":[108],"directly":[109],"context":[113],"to":[114,167,192],"enforce":[115],"environment-specific":[116],"constraints":[117],"cross-platform":[119],"boundaries.":[120],"(2)":[121],"\\textbf{Plugin-based":[122],"serves":[124],"an":[126],"internal":[127,170],"runtime":[128],"enforcer,":[129],"configuration":[131],"hardening,":[132],"proactive":[133],"threat":[134,219],"detection,":[135],"continuous":[137],"behavioral":[138],"monitoring":[139],"throughout":[140],"execution":[142,163],"pipeline.":[143],"(3)":[144],"\\textbf{Watcher-based":[145],"introduces":[147],"novel,":[149],"decoupled":[150],"middleware":[153],"continuously":[155],"verifies":[156],"state":[158],"evolution.":[159],"It":[160],"enables":[161],"intervention":[164],"without":[165],"coupling":[166],"agent's":[169],"logic,":[171],"supporting":[172],"operations":[173],"halting":[176],"high-risk":[177],"actions":[178],"or":[179],"enforcing":[180],"human":[181],"confirmation.":[182],"We":[183,221],"argue":[184],"Watcher":[187],"paradigm":[188],"holds":[189],"strong":[190],"potential":[191],"serve":[193],"foundational":[196],"building":[197],"block":[198],"securing":[200],"next-generation":[201],"systems.":[204],"Extensive":[205],"qualitative":[206],"quantitative":[208],"evaluations":[209],"demonstrate":[210],"effectiveness":[212],"robustness":[214],"ClawKeeper":[216],"diverse":[218],"scenarios.":[220],"release":[222],"our":[223],"code.":[224]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-03-27T00:00:00"}