
Last week I pointed a security scanner at my own AI agent — the one with shell access, browser control, email, and messaging — and threw every attack I could think of. Some of it was terrifying. All of it was educational. This is that story.

The Problem Nobody’s Talking About (Yet)

Your AI agent isn’t a chatbot anymore. It’s an operator. The agent I run daily — built on OpenClaw — can execute shell commands, control a browser, send emails and Telegram messages, read and write files, and manage background processes. It’s incredibly productive. It’s also an attack surface the security industry is just waking up to.

In February 2026, the alarm bells started ringing in unison:

- CrowdStrike flagged agentic AI as a top emerging threat vector
- Cisco published research on tool-augmented LLM exploitation
- Jamf warned about agents with device-level access
- OWASP released the Top 10 for Agentic AI — a dedicated threat taxonomy for autonomous systems

The consensus: agents that can act can be exploited. Prompt injection isn’t theoretical anymore when the agent has rm -rf at its fingertips.

I went looking for a scanner purpose-built for this. Found nothing production-ready. So I built one.

Meet ClawMoat

ClawMoat is an open-source security scanner designed specifically for AI agent sessions. Not web apps. Not APIs. Agents.

The stats:

- 8 scanner modules covering the full agent threat surface
- 37 individual tests across injection, leakage, exfiltration, poisoning, and more
- Zero dependencies — pure Node.js, no node_modules black hole
- MIT licensed —…