OpenClaw has rapidly established itself as a leading open-source autonomous agent runtime, offering powerful capabilities including tool integration, local file access, and shell command execution. However, these broad operational privileges introduce critical security vulnerabilities, transforming model errors into tangible system-level threats such as sensitive data leakage, privilege escalation, and malicious third-party skill execution. Existing security measures for the OpenClaw ecosystem remain highly fragmented, addressing only isolated stages of the agent lifecycle rather than providing holistic protection. To bridge this gap, we present ClawKeeper, a real-time security framework that integrates multi-dimensional protection mechanisms across three complementary architectural layers. (1) \textbf{Skill-based protection} operates at the instruction level, injecting structured security policies directly into the agent context to enforce environment-specific constraints and cross-platform boundaries. (2) \textbf{Plugin-based protection} serves as an internal runtime enforcer, providing configuration hardening, proactive threat detection, and continuous behavioral monitoring throughout the execution pipeline. (3) \textbf{Watcher-based protection} introduces a novel, decoupled system-level security middleware that continuously verifies agent state evolution. It enables real-time execution intervention without coupling to the agent's internal logic, supporting operations such as halting high-risk actions or enforcing human confirmation. We argue that this Watcher paradigm holds strong potential to serve as a foundational building block for securing next-generation autonomous agent systems. Extensive qualitative and quantitative evaluations demonstrate the effectiveness and robustness of ClawKeeper across diverse threat scenarios. We release our code.

翻译：OpenClaw已迅速成为领先的开源自主智能体运行时平台，提供工具集成、本地文件访问和Shell命令执行等强大功能。然而，这些广泛的运行权限引入了关键安全漏洞，将模型错误转化为具体的系统级威胁，例如敏感数据泄露、权限提升和恶意第三方技能执行。现有OpenClaw生态系统的安全措施高度碎片化，仅覆盖智能体生命周期的孤立阶段，未能提供整体保护。为填补这一空白，我们提出ClawKeeper，一个实时安全框架，通过三个互补的架构层集成多维保护机制。（1）\textbf{基于技能的保护}在指令层面运行，将结构化安全策略直接注入智能体上下文，以强制执行环境特定的约束和跨平台边界。（2）\textbf{基于插件的保护}作为内部运行时执行器，提供配置加固、主动威胁检测以及贯穿执行管道的持续行为监控。（3）\textbf{基于守护者的保护}引入了一种新颖的解耦系统级安全中间件，持续验证智能体状态演化。它无需耦合智能体内部逻辑即可实现实时执行干预，支持暂停高风险操作或强制人工确认等操作。我们认为，该守护者范式具有强大潜力，可作为保护下一代自主智能体系统的基础构建模块。广泛定性与定量评估证明了ClawKeeper在不同威胁场景下的有效性与鲁棒性。我们已公开代码。