---
id: "action-audit-agent-security"
type: "action-item"
source_timestamps: ["00:15:40"]
tags: ["cybersecurity", "risk-management"]
related: ["concept-cswsh-vulnerability"]
action: "Audit and restrict local hardware, shell, and network access granted to autonomous AI agents."
outcome: "Prevention of critical vulnerabilities like one-click Remote Code Execution (RCE) via agent hijacking."
speakers: ["Nate B. Jones"]
sources: ["s16-openclaw-saga"]
sourceVaultSlug: "s16-openclaw-saga"
originDay: 16
---
# Audit Agentic Attack Surfaces

## Action

Audit and restrict local hardware, shell, and network access granted to autonomous AI agents.

## Target Outcome

Prevention of critical vulnerabilities like one-click Remote Code Execution (RCE) via agent hijacking.

## Who

- Security teams
- Developers building or deploying AI agents
- Platform owners deciding which skills/integrations to allow in agent marketplaces

## Why Now

- The [[concept-cswsh-vulnerability]] disclosure on [[concept-openclaw-d16]] showed that a single missing Origin check enabled one-click RCE
- 21,000 instances were exposed; 1.5M agent API tokens leaked
- Traditional web app security is **insufficient** for autonomous agents that hold persistent credentials and execute shell commands

## Concrete Audit Targets

- WebSocket Origin validation (see [[prereq-websocket-security]])
- Local shell access scoping
- Browser control sandboxing
- Credential storage and rotation
- Skills marketplace secret hygiene (per [[entity-snyk]]'s 7% finding)
- Permission escalation paths inside agent gateways

## Connected Claims

Directly supports [[claim-security-is-primary-agent-bottleneck]] and engages [[question-consumer-agent-security]].