This work addresses the systemic security challenges faced by autonomous large language model (LLM) agents operating in high-privilege, real-time interactive environments, where existing point-in-time defenses are insufficient against cross-lifecycle composite threats. We propose the first five-layer security analysis framework encompassing the entire LLM agent lifecycle—initialization, input, reasoning, decision-making, and execution—to systematically identify emerging threats such as indirect prompt injection, skill supply chain poisoning, memory poisoning, and intent drift. Through lifecycle modeling, threat modeling, and case studies, we integrate techniques including plugin auditing, context-aware instruction filtering, memory integrity verification, intent validation, and capability enforcement. Using OpenClaw as a proof-of-concept, our analysis exposes limitations of current defenses and offers representative mitigation strategies for each phase, advancing the design of holistic security architectures for LLM agents.

Autonomous Large Language Model (LLM) agents, exemplified by OpenClaw, demonstrate remarkable capabilities in executing complex, long-horizon tasks. However, their tightly coupled instant-messaging interaction paradigm and high-privilege execution capabilities substantially expand the system attack surface. In this paper, we present a comprehensive security threat analysis of OpenClaw. To structure our analysis, we introduce a five-layer lifecycle-oriented security framework that captures key stages of agent operation, i.e., initialization, input, inference, decision, and execution, and systematically examine compound threats across the agent's operational lifecycle, including indirect prompt injection, skill supply chain contamination, memory poisoning, and intent drift. Through detailed case studies on OpenClaw, we demonstrate the prevalence and severity of these threats and analyze the limitations of existing defenses. Our findings reveal critical weaknesses in current point-based defense mechanisms when addressing cross-temporal and multi-stage systemic risks, highlighting the need for holistic security architectures for autonomous LLM agents. Within this framework, we further examine representative defense strategies at each lifecycle stage, including plugin vetting frameworks, context-aware instruction filtering, memory integrity validation protocols, intent verification mechanisms, and capability enforcement architectures.