🤖 AI Summary
This work addresses novel security threats emerging from OpenClaw agents, which stem from their high-privilege operations and persistent memory mechanisms: specifically, skill poisoning, cognitive manipulation, multi-agent cascading failures, and supply-chain vulnerabilities. The paper presents the first systematic security framework tailored to OpenClaw, establishing a layered threat model that spans the reasoning, execution, and interaction phases through comprehensive threat modeling, architectural analysis, and case studies. It introduces a lifecycle-wide threat taxonomy, explains the fundamental security risks that distinguish OpenClaw from traditional AI agents, reviews effective mitigation strategies, and highlights critical challenges in the current ecosystem concerning reliability and trustworthiness.
📝 Abstract
The rapid evolution of large language model (LLM)-driven autonomous agents has given rise to OpenClaw, a new class of open-source agent frameworks that operate as continuously running, skill-augmented systems with persistent memory, multi-channel interaction, and high degrees of autonomy. Such capabilities enable OpenClaw agents to autonomously execute complex, multi-step tasks and interact seamlessly with external applications, but they simultaneously introduce a substantially enlarged attack surface. In particular, the combination of high-privilege operations and persistent memory exposes OpenClaw agents to various emerging threats, including skill poisoning, cognitive manipulation, multi-agent cascading failures, and supply-chain vulnerabilities. In this survey, we present a comprehensive study of the security landscape of OpenClaw agents. We first examine the general architecture and key characteristics that distinguish OpenClaw agents from traditional AI agent systems. We categorize existing security and privacy threats into a layered framework and analyze how vulnerabilities arise during agent reasoning, action execution, and external interaction. Representative defense mechanisms are also reviewed to outline the current defense landscape. Finally, several unresolved issues related to the reliability and trustworthiness of OpenClaw ecosystems are discussed.