{"id":"https://openalex.org/W7150853638","doi":"https://doi.org/10.48550/arxiv.2604.03131","title":"A Systematic Security Evaluation of OpenClaw and Its Variants","display_name":"A Systematic Security Evaluation of OpenClaw and Its Variants","publication_year":2026,"publication_date":"2026-04-03","ids":{"openalex":"https://openalex.org/W7150853638","doi":"https://doi.org/10.48550/arxiv.2604.03131"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.03131","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.03131","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.03131","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5133039071","display_name":"Yuhang Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Wang, Yuhang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133050499","display_name":"Haichang Gao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Gao, Haichang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133027675","display_name":"Zhenxing Niu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Niu, Zhenxing","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133040544","display_name":"Zhaoxiang Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Zhaoxiang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133030099","display_name":"Wenjing Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Wenjing","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5133018620","display_name":"Xiang Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Xiang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5109860880","display_name":"Shiguo Lian","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lian, Shiguo","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5133039071"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.12800000607967377,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.12800000607967377,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.11649999767541885,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.09830000251531601,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/credential","display_name":"Credential","score":0.7109000086784363},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.6409000158309937},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.4754999876022339},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.45579999685287476},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.44760000705718994},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.41339999437332153},{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.396699994802475},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.3774999976158142}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.722000002861023},{"id":"https://openalex.org/C2777810591","wikidata":"https://www.wikidata.org/wiki/Q16861606","display_name":"Credential","level":2,"score":0.7109000086784363},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6625999808311462},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.6409000158309937},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.4754999876022339},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.45579999685287476},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.44760000705718994},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.41339999437332153},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.396699994802475},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.3774999976158142},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3305000066757202},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.31790000200271606},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.31700000166893005},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.31189998984336853},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.29510000348091125},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.29120001196861267},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.2728999853134155},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.26669999957084656},{"id":"https://openalex.org/C39389867","wikidata":"https://www.wikidata.org/wiki/Q380767","display_name":"Corporate governance","level":2,"score":0.2648000121116638},{"id":"https://openalex.org/C74072328","wikidata":"https://www.wikidata.org/wiki/Q1142726","display_name":"Intelligent agent","level":2,"score":0.26429998874664307},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.25679999589920044},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.2549999952316284}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.03131","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.03131","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.03131","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.03131","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Tool-augmented":[0],"AI":[1],"agents":[2,93],"substantially":[3],"extend":[4],"the":[5,69,82,120,145,156,160,166,209],"practical":[6],"capabilities":[7],"of":[8,34,60,77,147,159],"large":[9],"language":[10],"models,":[11],"but":[12,163],"they":[13],"also":[14,164],"introduce":[15],"security":[16,32,96,146,218],"risks":[17],"that":[18,90,99,144,181],"cannot":[19],"be":[20,199],"identified":[21],"through":[22],"model-only":[23],"evaluation.":[24],"In":[25,112],"this":[26,54],"paper,":[27],"we":[28,56],"present":[29],"a":[30,58],"systematic":[31],"assessment":[33],"six":[35],"representative":[36,65],"OpenClaw-series":[37],"agent":[38,71,149,184,222],"frameworks,":[39],"namely":[40],"OpenClaw,":[41],"AutoClaw,":[42],"QClaw,":[43],"KimiClaw,":[44],"MaxClaw,":[45],"and":[46,84,98,115,138,175,189],"ArkClaw,":[47],"under":[48],"multiple":[49],"backbone":[50,161],"models.":[51],"To":[52],"support":[53],"study,":[55],"construct":[57],"benchmark":[59],"205":[61],"test":[62],"cases":[63],"covering":[64],"attack":[66],"behaviors":[67,117],"across":[68],"full":[70],"execution":[72,187],"lifecycle,":[73],"enabling":[74],"unified":[75],"evaluation":[76],"risk":[78],"exposure":[79],"at":[80],"both":[81],"framework":[83],"model":[85,169],"levels.":[86],"Our":[87],"results":[88],"show":[89,180],"all":[91],"evaluated":[92],"exhibit":[94],"substantial":[95],"vulnerabilities,":[97],"agentized":[100],"systems":[101,150],"are":[102],"significantly":[103],"riskier":[104],"than":[105],"their":[106],"underlying":[107],"models":[108],"used":[109],"in":[110,195],"isolation.":[111],"particular,":[113],"reconnaissance":[114],"discovery":[116],"emerge":[118],"as":[119],"most":[121],"common":[122],"weaknesses,":[123],"while":[124],"different":[125],"frameworks":[126],"expose":[127],"distinct":[128],"high-risk":[129],"profiles,":[130],"including":[131],"credential":[132],"leakage,":[133],"lateral":[134],"movement,":[135],"privilege":[136],"escalation,":[137],"resource":[139],"development.":[140],"These":[141],"findings":[142],"indicate":[143],"modern":[148],"is":[151,185],"shaped":[152],"not":[153],"only":[154],"by":[155,165],"safety":[157],"properties":[158],"model,":[162],"coupling":[167],"among":[168],"capability,":[170],"tool":[171],"use,":[172],"multi-step":[173],"planning,":[174],"runtime":[176,191],"orchestration.":[177],"We":[178],"further":[179],"once":[182],"an":[183],"granted":[186],"capability":[188],"persistent":[190],"context,":[192],"weaknesses":[193],"arising":[194],"early":[196],"stages":[197],"can":[198],"amplified":[200],"into":[201],"concrete":[202],"system-level":[203],"failures.":[204],"Overall,":[205],"our":[206],"study":[207],"highlights":[208],"need":[210],"to":[211],"move":[212],"beyond":[213],"prompt-level":[214],"safeguards":[215],"toward":[216],"lifecycle-wide":[217],"governance":[219],"for":[220],"intelligent":[221],"frameworks.":[223]},"counts_by_year":[],"updated_date":"2026-04-07T06:06:30.997549","created_date":"2026-04-07T00:00:00"}