This study addresses the multifaceted risks—spanning security, privacy, ethics, and traceability—posed by locally executable AI agents (e.g., OpenClaw) when integrated into personal and organizational digital environments. It presents the first systematic analysis of their architecture and functionality, with a focus on risk mechanisms inherent in critical operational scenarios such as persistent storage, tool invocation, cross-context information aggregation, multi-user interaction, and plugin integration. By combining system architecture analysis, scenario modeling, and a multidimensional risk assessment framework, the work identifies core challenges impeding trustworthy deployment. Furthermore, it articulates key open problems concerning security hardening, privacy preservation, ethical governance, and auditability, thereby offering both theoretical foundations and practical guidance for developing safer and more reliable AI agent systems.

This paper systematically investigates the security, privacy, and ethical risks, as well as the traceability challenges of OpenClaw, a locally executable AI agent system for natural language interaction and real-world task completion. While OpenClaw shows strong potential for personal assistance, office automation, cross-platform task management, and information integration, it also raises serious security, privacy, and ethical concerns. By analyzing its system architecture, core functionalities, deployment model, and representative application scenarios, this paper aims to reveal the risks that may arise when such a highly privileged agent is integrated into personal and organizational digital environments. We focus in particular on the challenges associated with persistent local storage, tool invocation, cross-context information aggregation, multi-user interaction, and the integration of plugins and external services. We argue that these issues constitute major barriers to the trustworthy deployment and widespread adoption of this technology. Finally, we summarize the open challenges in security defenses, privacy protection, ethical governance, and traceability in agent use, and call for joint efforts from researchers, developers, deployers, and regulators to build AI agent systems that are safer, more reliable, and more trustworthy.