ClawKeeper: Comprehensive Safety Protection for OpenClaw Agents Through Skills, Plugins, and Watchers

Songyang Liu, Chaozhuo Li, Chenxu Wang, Jinyu Hou, Zejian Chen, Litian Zhang, Zheng Liu, Qiwei Ye, Yiming Hei, Xi Zhang, Zhongyuan Wang

2026-04-02

Summary

This paper introduces ClawKeeper, a new security system designed to protect OpenClaw, a popular platform for building autonomous agents. OpenClaw lets these agents do powerful things like use tools, access files, and run commands, but this also creates security risks if something goes wrong with the agent's programming.

What's the problem?

OpenClaw's flexibility is a double-edged sword. Because it allows agents so much freedom, errors in the agent's code or malicious skills could lead to serious problems like leaking private information, giving unauthorized access to the system, or even letting harmful programs run. Current security measures are scattered: each one covers only an isolated stage of the agent's lifecycle, so none offers complete protection from start to finish.

What's the solution?

ClawKeeper tackles this by using three layers of security. First, it adds security rules directly into how the agent operates, limiting what it can do based on the environment. Second, it acts as a runtime monitor, constantly checking the agent's behavior for threats and making sure everything is configured securely. Finally, it introduces a 'Watcher' – a separate system that observes the agent's actions and can intervene in real-time to stop dangerous behavior, like asking for human approval before proceeding with a risky task.
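The sketch below illustrates the third layer's idea of a decoupled watcher that tracks session state and returns allow, confirm, or halt for each proposed action. It is an added example, not ClawKeeper's code; the tool names (`read_file`, `http_request`, `shell`, `install_skill`), the action format, and the rules are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    CONFIRM = "confirm"   # pause until a human approves
    HALT = "halt"         # block the action outright

# Constructed rules and hypothetical tool names, for illustration only.
KNOWN_TOOLS = {"read_file", "http_request", "shell", "install_skill"}
SENSITIVE_PATH = re.compile(r"(^|/)(\.ssh|\.aws|\.env)(/|$)|id_rsa")
PRIV_ESC = re.compile(r"(^|[;&|]\s*)(sudo|su|doas)\b")

@dataclass
class Watcher:
    """Runs outside the agent: sees only proposed actions, keeps its own state."""
    tainted: bool = False                      # session may hold sensitive data
    log: list = field(default_factory=list)    # audit trail of (tool, verdict)

    def review(self, action: dict) -> Verdict:
        tool, args = action.get("tool"), action.get("args", {})
        verdict = Verdict.ALLOW
        if tool not in KNOWN_TOOLS:
            verdict = Verdict.HALT             # unknown capability: fail closed
        elif tool == "read_file" and SENSITIVE_PATH.search(args.get("path", "")):
            self.tainted = True                # conservative: assume it gets approved
            verdict = Verdict.CONFIRM
        elif tool == "http_request" and self.tainted:
            verdict = Verdict.HALT             # possible leak of data read earlier
        elif tool == "shell" and PRIV_ESC.search(args.get("cmd", "")):
            verdict = Verdict.CONFIRM          # privilege change needs a human
        elif tool == "install_skill" and not args.get("signed", False):
            verdict = Verdict.CONFIRM          # unverified third-party skill
        self.log.append((tool, verdict.value))
        return verdict

def run_session(actions):
    """Review a whole session with one watcher so state carries across actions."""
    watcher = Watcher()
    return [watcher.review(a).value for a in actions]

SAMPLE = [  # constructed session
    {"tool": "read_file", "args": {"path": "/home/u/notes.txt"}},
    {"tool": "http_request", "args": {"url": "https://example.com/api"}},
    {"tool": "read_file", "args": {"path": "/home/u/.ssh/id_rsa"}},
    {"tool": "http_request", "args": {"url": "https://example.com/upload"}},
    {"tool": "shell", "args": {"cmd": "sudo systemctl restart app"}},
    {"tool": "install_skill", "args": {"name": "demo", "signed": False}},
]
```

The same `http_request` is allowed early in the session and halted after the key file is read, which is the point of judging state evolution rather than single actions.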

Why does it matter?

This research is important because as autonomous agents become more common and powerful, securing them is crucial. The 'Watcher' approach presented in ClawKeeper is a promising foundation for building safer and more reliable agent systems in the future, preventing errors from turning into real-world security breaches.

Abstract

OpenClaw has rapidly established itself as a leading open-source autonomous agent runtime, offering powerful capabilities including tool integration, local file access, and shell command execution. However, these broad operational privileges introduce critical security vulnerabilities, transforming model errors into tangible system-level threats such as sensitive data leakage, privilege escalation, and malicious third-party skill execution. Existing security measures for the OpenClaw ecosystem remain highly fragmented, addressing only isolated stages of the agent lifecycle rather than providing holistic protection. To bridge this gap, we present ClawKeeper, a real-time security framework that integrates multi-dimensional protection mechanisms across three complementary architectural layers. (1) Skill-based protection operates at the instruction level, injecting structured security policies directly into the agent context to enforce environment-specific constraints and cross-platform boundaries. (2) Plugin-based protection serves as an internal runtime enforcer, providing configuration hardening, proactive threat detection, and continuous behavioral monitoring throughout the execution pipeline. (3) Watcher-based protection introduces a novel, decoupled system-level security middleware that continuously verifies agent state evolution. It enables real-time execution intervention without coupling to the agent's internal logic, supporting operations such as halting high-risk actions or enforcing human confirmation. We argue that this Watcher paradigm holds strong potential to serve as a foundational building block for securing next-generation autonomous agent systems. Extensive qualitative and quantitative evaluations demonstrate the effectiveness and robustness of ClawKeeper across diverse threat scenarios. We release our code.