Autonomous agents such as OpenClaw, endowed with operating system–level privileges and tool-calling capabilities, face emerging security threats—including prompt injection, remote code execution, and supply chain poisoning—that render conventional content filtering mechanisms inadequate. This work proposes a three-dimensional threat taxonomy spanning the AI cognitive layer, software execution layer, and information system layer, and introduces FASA, a full-lifecycle agent security architecture that integrates zero-trust execution, dynamic intent verification, and cross-layer reasoning-action correlation mechanisms. Building upon this framework, we implement ClawGuard, an open-source system that establishes the first comprehensive defense paradigm bridging theoretical modeling and practical deployment, thereby advancing autonomous agents toward high-assurance trustworthiness.

The rapid evolution of Large Language Models (LLMs) into autonomous, tool-calling agents has fundamentally altered the cybersecurity landscape. Frameworks like OpenClaw grant AI systems operating-system-level permissions and the autonomy to execute complex workflows. This level of access creates unprecedented security challenges. Consequently, traditional content-filtering defenses have become obsolete. This report presents a comprehensive security analysis of the OpenClaw ecosystem. We systematically investigate its current threat landscape, highlighting critical vulnerabilities such as prompt injection-driven Remote Code Execution (RCE), sequential tool attack chains, context amnesia, and supply chain contamination. To systematically contextualize these threats, we propose a novel tri-layered risk taxonomy for autonomous Agents, categorizing vulnerabilities across AI Cognitive, Software Execution, and Information System dimensions. To address these systemic architectural flaws, we introduce the Full-Lifecycle Agent Security Architecture (FASA). This theoretical defense blueprint advocates for zero-trust agentic execution, dynamic intent verification, and cross-layer reasoning-action correlation. Building on this framework, we present Project ClawGuard, our ongoing engineering initiative. This project aims to implement the FASA paradigm and transition autonomous agents from high-risk experimental utilities into trustworthy systems. Our code and dataset are available at https://github.com/NY1024/ClawGuard.