Agent Security Framework (ASF) - Executive Summary
System: OpenClaw Autonomous AI Agent Platform
Components: Clawdbot, Moltbot, Open-Claw Gateway, Mission Control
Review Date: March 6, 2026
Review Time: UTC
Assessment Type: Comprehensive Security Audit
Assessor: ASF Security Team
We conducted a comprehensive security assessment of the OpenClaw platform:
- Ran automated malware pattern scanning across all agent skills and Docker containers.
- Reviewed container configurations for isolation, capabilities, and network policies.
- Scanned all code repositories for hardcoded API keys, tokens, and secrets.
- Checked Discord, Slack, Telegram, and Moltbook for impersonator accounts.
- Verified trust scoring thresholds and guardrail effectiveness.
The following issues were identified and require immediate attention:
- Found hardcoded API keys and tokens in legacy configuration files.
- Some containers were running with excessive capabilities (CAP_SYS_ADMIN).
- Wildcard (*) origin allowed in the Cross-Origin Resource Sharing (CORS) configuration.
- Authentication endpoints lacked brute-force protection.
- 17,500+ OpenClaw instances publicly accessible without proper auth.
Comprehensive remediation plan implemented:
- All API keys moved to environment variables + GitHub Secrets. Zero hardcoded credentials.
- cap_drop: ALL, read-only rootfs, no privileged mode, network isolation.
- Whitelist only: https://scrumai.org, https://jeffsutherland.com
- 10 max attempts per minute, 5-minute lockout after failures.
- Tailscale VPN required for agent communications. No public exposure.
Automated malware pattern scanning - ACTIVE
Sandboxed environments with strict capabilities - ACTIVE
API keys encrypted at rest - ACTIVE
Pattern matching for impersonators - ACTIVE
80% threshold, blocks untrusted ops - ACTIVE
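
The container hardening items in the remediation plan (cap_drop: ALL, read-only rootfs, no privileged mode, network isolation) can be checked mechanically against parsed Compose service definitions. The following is an added example, not code from the OpenClaw project or the ASF team; the service names and sample values are constructed, and only the short "HOST:CONTAINER" port syntax is handled.

```python
# Added example: audit parsed docker-compose service definitions against the
# hardening items in the remediation plan. Input is the dict a YAML parser
# would return for the "services" section.

# Constructed sample: hypothetical service names, not OpenClaw's real config.
SAMPLE_SERVICES = {
    "agent-hardened": {
        "cap_drop": ["ALL"],
        "read_only": True,
        "ports": ["127.0.0.1:8080:8080"],
    },
    "agent-legacy": {
        "privileged": True,
        "cap_add": ["CAP_SYS_ADMIN"],
        "network_mode": "host",
        "ports": ["8080:8080"],
    },
}

LOOPBACK_PREFIXES = ("127.0.0.1:", "[::1]:")


def audit_service(name, svc):
    """Return a list of hardening findings for one service definition."""
    findings = []
    cap_drop = {str(c).upper() for c in svc.get("cap_drop") or []}
    # Compose accepts both "SYS_ADMIN" and "CAP_SYS_ADMIN"; normalise them.
    cap_add = {str(c).upper().removeprefix("CAP_") for c in svc.get("cap_add") or []}
    if svc.get("privileged"):
        findings.append(f"{name}: privileged mode enabled")
    if "ALL" not in cap_drop:
        findings.append(f"{name}: cap_drop does not include ALL")
    for cap in sorted(cap_add & {"ALL", "SYS_ADMIN"}):
        findings.append(f"{name}: cap_add grants {cap}")
    if not svc.get("read_only"):
        findings.append(f"{name}: root filesystem is writable (read_only not set)")
    if svc.get("network_mode") == "host":
        findings.append(f"{name}: uses the host network namespace")
    for port in svc.get("ports") or []:
        if not str(port).startswith(LOOPBACK_PREFIXES):
            findings.append(f"{name}: port {port} is not bound to loopback")
    return findings


def audit(services):
    """Map each service name to its list of findings (empty list = compliant)."""
    return {name: audit_service(name, svc) for name, svc in services.items()}
```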