OpenClaw Scanner: Open-source tool detects autonomous AI agents
A new free, open source tool is available to help organizations detect where autonomous AI agents are operating across corporate environments. The OpenClaw Scanner identifies instances of OpenClaw, an autonomous AI assistant also known as MoltBot, that can execute tasks, access local files, and authenticate to internal systems without centralized oversight.

OpenClaw has gained usage over the past few months as an AI agent capable of performing actions on behalf of users. The software can run locally or in the cloud, using messaging platforms as an interface and leveraging autonomous decision-making to carry out tasks across services.
Many deployments of OpenClaw have shown exposed interfaces and authentication weaknesses. Security researchers have documented cases where misconfigured instances could expose API keys, cloud credentials, and access to systems such as Salesforce, GitHub, and Slack.
OpenClaw Scanner runs against existing endpoint detection and response telemetry with read-only access. It analyzes behavioral indicators of OpenClaw activity on endpoints, and it does not install new agents or transmit data externally. This approach is designed to work within existing security controls without adding code to monitored systems.
The tool operates as a local script that works with data from EDR platforms like CrowdStrike or Microsoft Defender. It produces portable reports that remain within organizational environments and include context such as which devices and users exhibited OpenClaw activity.
“The new scanner was purpose-built for enterprise organizations to safely utilize a read-only approach over EDR logs without executing code on endpoints or sharing data outside the organization,” Ofek Amir, VP of R&D at Astrix Security, told Help Net Security.
Astrix Security plans to expand the scanner’s capabilities based on adoption and demand. “We’re planning for ongoing enhancements, especially as there’s more demand for the tool,” Amir said. “We may add SentinelOne based scanning, additional agents detection in addition to OpenClaw if we see similar interest.”
OpenClaw Scanner is available for free on PyPI.

