ClawGuard: Out-of-Band Detection of LLM Agent Workflow Hijacking via EM Side Channel

📅 2026-05-07
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses workflow hijacking attacks against large language model (LLM) agents, in which an attacker alters tool and skill invocations while evading host-based logging defenses. To counter this threat, the authors propose the first out-of-band monitoring approach that leverages electromagnetic (EM) side channels. Using a software-defined radio to capture the device's EM emissions, the method detects the macro-scale EM signatures that each skill's hardware utilization pattern induces during execution, which enables physical-layer auditing of workflow state that a compromised host cannot forge. Combined with a drift-aware processing pipeline and 320-dimensional feature extraction, the system achieves an AUC of 0.9945, a 100% true-positive rate and a 1.16% false-positive rate on a 7.82 TB radio-frequency corpus, removing the dependence on a trusted host environment that conventional defenses require.
📝 Abstract
Autonomous LLM agents face a critical security risk known as workflow hijacking, where attackers subtly alter tool and skill invocations. Existing defenses rely on host-internal telemetry (such as audit logs), which can be forged if the host OS is compromised. To solve this, we introduce ClawGuard, a passive, out-of-band monitor that audits LLM-agent workflows using electromagnetic (EM) emanations. Because distinct agent skills create unique hardware usage patterns (computation, DRAM, network blocking), they emit measurable, macroscopic EM envelopes. External software-defined radios (SDRs) capture these physical signals. Using a drift-aware pipeline with 320-dimensional features, ClawGuard converts RF streams into physical evidence. Evaluated on a 7.82 TB RF corpus, ClawGuard achieved an AUC of 0.9945, detecting attacks with a 100% true-positive rate and a 1.16% false-positive rate. This proves passive EM sensing is a practical, forge-resistant physical check against compromised host software.
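The mechanism the summary and abstract describe, as an added toy example (this is not the paper's code, which the page does not include): the host reports which skills ran, the monitor synthesizes the EM envelope that sequence should have produced, and compares it with the captured trace. Everything below is a constructed assumption standing in for the paper's setup: the skill names and their skill-to-hardware profiles, the synthetic envelopes and drift model in place of SDR capture, least-squares detrending in place of the drift-aware pipeline, and a two-dimensional (mean, std) window descriptor in place of the 320-dimensional features. In the hijacked case the host log still claims `http_fetch` while the hardware executed a DRAM-heavy substitute.

```python
"""Toy out-of-band workflow audit in the spirit of ClawGuard.

Constructed for illustration only: the skill-to-hardware profiles, the synthetic
EM envelopes, the drift model and the (mean, std) window features are assumptions
standing in for the paper's SDR capture, drift-aware pipeline and 320-dim features.
"""
import math
import random
import statistics
from typing import Dict, List, Sequence, Tuple

# Hypothetical skills and coarse hardware usage (assumed values):
# (duration in samples, CPU level, DRAM level, fraction of time blocked on network)
SKILL_PROFILES: Dict[str, Tuple[int, float, float, float]] = {
    "read_file":  (40, 0.4, 0.6, 0.0),
    "http_fetch": (60, 0.2, 0.2, 0.7),  # mostly idle while waiting on the network
    "summarize":  (80, 0.9, 0.5, 0.0),  # sustained compute
    "exfiltrate": (60, 0.5, 0.9, 0.3),  # attacker-substituted skill, DRAM-heavy
}
WINDOW = 20         # samples per analysis window
IDLE_LEVEL = 0.05   # envelope level of a device blocked on I/O

def skill_envelope(skill: str) -> List[float]:
    """Macro-scale EM envelope a skill is assumed to emit (no drift, no noise)."""
    dur, cpu, dram, net = SKILL_PROFILES[skill]
    active_until = int(dur * (1.0 - net))
    level = 0.7 * cpu + 0.3 * dram
    return [level if i < active_until else IDLE_LEVEL for i in range(dur)]

def expected_trace(workflow: Sequence[str]) -> List[float]:
    """Envelope the monitor expects if the host-reported workflow really ran."""
    out: List[float] = []
    for skill in workflow:
        out.extend(skill_envelope(skill))
    return out

def captured_trace(workflow: Sequence[str], seed: int) -> List[float]:
    """Simulated SDR capture of the workflow that actually ran: true envelope
    plus slow receiver/thermal drift and measurement noise (constructed)."""
    rng = random.Random(seed)
    clean = expected_trace(workflow)
    n = len(clean)
    return [v + 0.3 * i / n + 0.05 * math.sin(i / 50.0) + rng.gauss(0.0, 0.02)
            for i, v in enumerate(clean)]

def detrend(x: Sequence[float]) -> List[float]:
    """Drift handling: subtract the least-squares line (a simplified stand-in for
    the paper's drift-aware pipeline). Applied identically to expected and
    captured traces so both land in the same feature space."""
    n = len(x)
    mx = (n - 1) / 2.0
    my = sum(x) / n
    sxx = sum((i - mx) ** 2 for i in range(n))
    sxy = sum((i - mx) * (v - my) for i, v in enumerate(x))
    slope = sxy / sxx
    return [v - my - slope * (i - mx) for i, v in enumerate(x)]

def window_features(x: Sequence[float]) -> List[Tuple[float, float]]:
    """Per-window (mean, std): a two-dimensional stand-in for the 320-dim features."""
    return [(statistics.fmean(x[s:s + WINDOW]), statistics.pstdev(x[s:s + WINDOW]))
            for s in range(0, len(x) - WINDOW + 1, WINDOW)]

def deviation_score(captured: Sequence[float], reported_workflow: Sequence[str]) -> float:
    """Mean L1 distance between captured and expected window features. A compromised
    host can forge its audit log but not the RF trace, so a large distance means the
    reported workflow is not what physically executed."""
    got = window_features(detrend(captured))
    want = window_features(detrend(expected_trace(reported_workflow)))
    if len(got) != len(want):
        return float("inf")  # duration mismatch is itself evidence of tampering
    return sum(abs(g[0] - w[0]) + abs(g[1] - w[1]) for g, w in zip(got, want)) / len(want)

def calibrate_threshold(workflow: Sequence[str], seeds: Sequence[int], k: float = 6.0) -> float:
    """Threshold from known-benign captures: mean + k standard deviations."""
    scores = [deviation_score(captured_trace(workflow, s), workflow) for s in seeds]
    return statistics.fmean(scores) + k * statistics.pstdev(scores)

def is_hijacked(captured: Sequence[float], reported_workflow: Sequence[str], threshold: float) -> bool:
    return deviation_score(captured, reported_workflow) > threshold

def auc(positive: Sequence[float], negative: Sequence[float]) -> float:
    """Rank-based AUC: P(hijacked score > benign score), ties count one half."""
    wins = sum(1.0 if p > q else 0.5 if p == q else 0.0 for p in positive for q in negative)
    return wins / (len(positive) * len(negative))

def demo() -> Dict[str, float]:
    reported = ["read_file", "http_fetch", "summarize"]   # what the host log claims
    hijacked = ["read_file", "exfiltrate", "summarize"]   # what actually ran
    thr = calibrate_threshold(reported, range(100, 120))
    benign = [deviation_score(captured_trace(reported, s), reported) for s in range(200, 220)]
    attack = [deviation_score(captured_trace(hijacked, s), reported) for s in range(300, 320)]
    return {
        "threshold": thr,
        "auc": auc(attack, benign),
        "tpr": sum(s > thr for s in attack) / len(attack),
        "fpr": sum(s > thr for s in benign) / len(benign),
    }

if __name__ == "__main__":
    print(demo())
```

Two points carry over from the toy to the real setting. The comparison is only meaningful when the expected and captured traces go through the same preprocessing, which is why `detrend` is applied to both; and a trace whose duration does not match the reported workflow is already a finding, not a reason to skip the check. The AUC, TPR and FPR this toy prints are for constructed data and say nothing about the paper's 0.9945, 100% and 1.16%.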
Problem

Research questions and friction points this paper is trying to address.

workflow hijacking
LLM agent
security
EM side channel
out-of-band detection
Innovation

Methods, ideas, or system contributions that make the work stand out.

electromagnetic side channel
LLM agent security
workflow hijacking detection
out-of-band monitoring
software-defined radio
Authors

Leo Linqian Gan, Shanghai Jiao Tong University, Shanghai, China
Jeffery Wu, Shanghai Jiao Tong University, Shanghai, China
Longyuan Ge, Shanghai Jiao Tong University, Shanghai, China
Lanqing Yang, Shanghai Jiao Tong University, Shanghai, China
Yonghao Song, Tsinghua University (Brain-Computer Interface, Machine Learning)
Jingkai Zhang, Shanghai Jiao Tong University, Shanghai, China
Haojia Jin, Shanghai Jiao Tong University, Shanghai, China
Weiyi Wang, Shanghai Jiao Tong University, Shanghai, China
Guangtao Xue, Professor of Computer Science, Shanghai Jiao Tong University (Mobile Computing, Social Networks, Wireless Sensor Networks, Distributed Computing)