Autonomous large language model (LLM) agents such as OpenClaw are pushing agentic commerce from human-supervised assistance toward machine actors that can negotiate, purchase services, manage digital assets, and execute transactions across on-chain and off-chain environments. Protocols such as the Trustless Agents standard (ERC-8004), Agent Payments Protocol (AP2), OKX Agent Payments Protocol (APP), the HTTP 402-based payment protocol (x402), Agent Commerce Protocol (ACP), the Agentic Commerce standard (ERC-8183), and Machine Payments Protocol (MPP) enable this transition, but they also create an attack surface that existing security frameworks do not capture well. This Systematization of Knowledge (SoK) develops a unified security framework for autonomous LLM agents in commerce and finance. We organize threats along five dimensions: agent integrity, transaction authorization, inter-agent trust, market manipulation, and regulatory compliance. From a systematically curated public corpus of academic papers, protocol documents, industry reports, and incident evidence, we derive 12 cross-layer attack vectors and show how failures propagate from reasoning and tooling layers into custody, settlement, market harm, and compliance exposure. We then propose a layered defense architecture addressing authorization gaps left by current agent-payment protocols. Overall, our analysis shows that securing agentic commerce is inherently a cross-layer problem that requires coordinated controls across LLM safety, protocol design, identity, market structure, and regulation. We conclude with a research roadmap and a benchmark agenda for secure autonomous commerce.
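As an added illustration, not code from this SoK or from any of the protocols it names, the following Python sketch shows the kind of deterministic authorization layer the abstract argues must sit between an agent's reasoning and tooling and the custody or settlement step. The policy shape, the payee identifiers, the limits, and the "user" versus "tool_output" provenance tag are all assumptions chosen for illustration; the point is that payment instructions surfacing from untrusted tool output, unknown counterparties, or over-limit values are refused or escalated by policy rather than by the model's judgement.

```python
"""Illustrative transaction-authorization gate for an LLM commerce agent.

Added example only: names, limits and the Decision type are assumptions for
illustration, not the SoK's architecture or any surveyed protocol's API.
"""
import math
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    NEEDS_HUMAN = "needs_human_approval"


@dataclass(frozen=True)
class Payment:
    payee: str        # counterparty identifier the agent proposes to pay (assumed format)
    amount: float     # value in the policy's accounting unit
    asset: str        # settlement asset, e.g. a stablecoin ticker
    source: str       # provenance of the instruction: "user" or "tool_output" (assumed tags)
    ts: datetime      # when the agent proposed the payment


@dataclass
class SpendPolicy:
    allowed_payees: frozenset
    allowed_assets: frozenset
    per_tx_limit: float
    daily_cap: float
    human_approval_above: float
    _ledger: list = field(default_factory=list)  # settled payments, for the rolling cap

    def _spent_last_24h(self, now: datetime) -> float:
        cutoff = now - timedelta(hours=24)
        return sum(p.amount for p in self._ledger if p.ts >= cutoff)

    def evaluate(self, p: Payment):
        """Return (Decision, reason). Checks are ordered so the cheapest,
        most decisive rejections come first; nothing here consults the model."""
        # Instructions that arrive through tool output (web pages, e-mail,
        # other agents' messages) are untrusted: they never initiate a payment.
        if p.source != "user":
            return Decision.DENY, "instruction did not originate from the principal"
        # Counterparty and asset allowlists (inter-agent trust dimension).
        if p.payee not in self.allowed_payees:
            return Decision.DENY, f"payee {p.payee!r} not on allowlist"
        if p.asset not in self.allowed_assets:
            return Decision.DENY, f"asset {p.asset!r} not permitted"
        # Value controls (transaction authorization dimension); reject NaN/inf too.
        if not math.isfinite(p.amount) or p.amount <= 0:
            return Decision.DENY, "amount must be a positive finite number"
        if p.amount > self.per_tx_limit:
            return Decision.DENY, f"amount {p.amount} exceeds per-transaction limit"
        if self._spent_last_24h(p.ts) + p.amount > self.daily_cap:
            return Decision.DENY, "rolling 24h spend cap would be exceeded"
        # Permitted but large: escalate to a human rather than auto-approve.
        if p.amount > self.human_approval_above:
            return Decision.NEEDS_HUMAN, "above auto-approval threshold"
        return Decision.ALLOW, "within policy"

    def record(self, p: Payment) -> None:
        """Call only after settlement succeeds, so the cap counts real spend."""
        self._ledger.append(p)


# Constructed reference time so the rolling-window behaviour is reproducible.
BASE_TIME = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)


def make_payment(payee, amount, asset="USDC", source="user", hours_offset=0.0):
    return Payment(payee, amount, asset, source, BASE_TIME + timedelta(hours=hours_offset))


def demo_policy() -> SpendPolicy:
    # Constructed sample policy; identifiers are placeholders.
    return SpendPolicy(
        allowed_payees=frozenset({"merchant:acme-api", "agent:data-vendor-7"}),
        allowed_assets=frozenset({"USDC"}),
        per_tx_limit=50.0,
        daily_cap=100.0,
        human_approval_above=45.0,
    )


def run_demo():
    """Feed a constructed sequence of proposals through the gate; return decisions."""
    policy = demo_policy()
    proposals = [
        make_payment("merchant:acme-api", 10.0),                        # allow
        make_payment("merchant:acme-api", 10.0, source="tool_output"),   # deny: injected via tool output
        make_payment("merchant:unknown", 10.0),                          # deny: not on allowlist
        make_payment("merchant:acme-api", 60.0),                         # deny: over per-tx limit
        make_payment("merchant:acme-api", 45.0),                         # allow (spend now 55)
        make_payment("merchant:acme-api", 50.0),                         # deny: 55 + 50 > daily cap
        make_payment("merchant:acme-api", 30.0, hours_offset=25.0),      # allow: window has rolled
        make_payment("agent:data-vendor-7", 48.0, hours_offset=25.0),    # needs human: > 45
    ]
    decisions = []
    for p in proposals:
        decision, _reason = policy.evaluate(p)
        if decision is Decision.ALLOW:
            policy.record(p)  # simulate successful settlement
        decisions.append(decision)
    return decisions


if __name__ == "__main__":
    for d in run_demo():
        print(d.value)
```

The gate is deliberately stateless with respect to the model: the agent can propose anything, but only the policy object, which holds the allowlists and the settled-spend ledger, can return ALLOW, and escalation to a human is a first-class outcome rather than an afterthought.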