Analisis Etika Profesional terhadap Risiko Keamanan pada Sistem OpenClaw
DOI:
https://doi.org/10.62951/repeater.v4i3.929Keywords:
Autonomous Agents, Cybersecurity, Least Privilege, OpenClaw, Professional EthicsAbstract
This study aims to evaluate the implementation of the built-in security model in a local installation of the OpenClaw autonomous agent and to analyze its implications for information technology (IT) professional ethics. The study employed a qualitative method using a single-case study approach. Primary data were collected through direct simulation experiments comparing secure and insecure configurations within an isolated environment. The results indicate that OpenClaw incorporates native security controls based on a single trust boundary and provides adequate security auditing capabilities. The system also includes data protection mechanisms that minimize the risk of misuse when operated according to the recommended configuration. However, configuring the network to be publicly accessible (0.0.0.0) without authentication violates the principle of least privilege and significantly increases the risk of unauthorized access. These findings demonstrate that vulnerabilities in self-hosted autonomous agents are not solely attributable to technical weaknesses in the system but also reflect failures in adhering to IT professional ethics. Therefore, responsibility is clearly shared between developers and IT practitioners. Developers are responsible for providing adequate security mechanisms, while IT professionals have an ethical obligation to maintain system security, protect user privacy, and ensure that security configurations are implemented in accordance with established best practices.
Downloads
References
Audits, S., & Reveal, W. T. (2026). 41% of the most popular OpenClaw skills have security vulnerabilities.
Chen, E., Guan, C., Elshafiey, A., Zhao, Z., Zekeri, J., Shaibu, A. E., ... Wu, C. J. (2026). OpenClaw AI agents as informal learners at Moltbook: Characterizing an emergent learning community at scale. arXiv. http://arxiv.org/abs/2602.18832
Deng, X., Zhang, Y., Wu, J., Bai, J., Yi, S., Zou, Z., ... Li, Q. (2026). Taming OpenClaw: Security analysis and mitigation of autonomous LLM agent threats. arXiv. http://arxiv.org/abs/2603.11619
Dong, B., Feng, H., & Wang, Q. (2026). ClawDrain: Exploiting tool-calling chains for stealthy token exhaustion in OpenClaw agents. arXiv. http://arxiv.org/abs/2603.00902
Li, Z., Li, W., & Li, X. (2026). Defensible design for OpenClaw: Securing autonomous tool-invoking agents. arXiv. http://arxiv.org/abs/2603.13151
Liu, S., Li, C., Wang, C., Hou, J., Chen, Z., Zhang, L., ... Wang, Z. (2026). ClawKeeper: Comprehensive safety protection for OpenClaw agents through skills, plugins, and watchers. arXiv. http://arxiv.org/abs/2603.24414
Mathew, A., College, B., & Virginia, W. (2026). From conversation to command execution: A comparative threat modeling and risk analysis of OpenClaw and ChatGPT. ISRG Journal of Engineering and Technology, 5894(I), 43–46. https://doi.org/10.5281/zenodo.18811875
Sunil, B. D., Sinha, I., Maheshwari, P., Todmal, S., Mallik, S., & Mishra, S. (2026). Memory poisoning attack and defense on memory-based LLM agents. arXiv. http://arxiv.org/abs/2601.05504
Suwansathit, S., Zhang, Y., & Gu, G. (2026). A systematic taxonomy of security vulnerabilities in the OpenClaw AI agent framework. arXiv. http://arxiv.org/abs/2603.27517
Wang, Y., Gao, H., Niu, Z., Liu, Z., Zhang, W., Wang, X., & Lian, S. (2026). A systematic security evaluation of OpenClaw and its variants. arXiv. http://arxiv.org/abs/2604.03131
Wang, Y., Xu, F., Lin, Z., He, G., Huang, Y., Gao, H., ... Liu, Z. (2026). From assistant to double agent: Formalizing and benchmarking attacks on OpenClaw for personalized local AI agents. arXiv. http://arxiv.org/abs/2602.08412
Wang, Z., Tu, H., Zhang, L., Chen, H., Wu, J., Liu, X., ... Xie, C. (2026). Your agent, their asset: A real-world safety analysis of OpenClaw. arXiv. http://arxiv.org/abs/2604.04759
Weidener, L., Lee, P., Karlsson, M., & Noessler, K. (n.d.). From agent-only social networks to autonomous scientific.
Ying, Z., Yang, X., Wu, S., Song, Y., Qu, Y., Li, H., ... Liu, X. (2026). Uncovering security threats and architecting defenses in autonomous agents: A case study of OpenClaw. arXiv. http://arxiv.org/abs/2603.12644
Zhan, Q., Liang, Z., Ying, Z., & Kang, D. (n.d.). INJECAGENT: Benchmarking indirect prompt injections in tool-integrated large language model agents. https://github.com/
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Repeater : Publikasi Teknik Informatika dan Jaringan

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.



