Personalized computer-use agents are rapidly moving from expert communities into mainstream use. Unlike conventional chatbots, these systems can install skills, invoke tools, access private resources, and modify local environments on users' behalf. Yet users often do not know what authority they have delegated, what the agent actually did during task execution, or whether the system has been safely removed afterward. We investigate this gap as a combined problem of risk understanding and post-hoc auditability, using OpenClaw as a motivating case. We first build a multi-source corpus of the OpenClaw ecosystem, including incidents, advisories, malicious-skill reports, news coverage, tutorials, and social-media narratives. We then conduct an interview study to examine how users and practitioners understand skills, autonomy, privilege, persistence, and uninstallation. Our findings suggest that participants often recognized these systems as risky in the abstract, but lacked concrete mental models of what skills can do, what resources agents can access, and what changes may remain after execution or removal. Motivated by these findings, we propose AgentTrace, a traceability framework and prototype interface for visualizing agent actions, touched resources, permission history, provenance, and persistent side effects. A scenario-based evaluation suggests that traceability-oriented interfaces can improve understanding of agent behavior, support anomaly detection, and foster more calibrated trust.