当 OpenClaw 特工互相攻击时会发生什么？

We ran a live adversarial security test between two autonomous AI agents built on OpenClaw.<p>One agent acted as a red team attacker. One agent acted as a standard defensive agent.<p>No humans were involved once the session started. The agents communicated directly over webhooks with real credentials and tooling access.<p>The goal was to test three risk dimensions that tend to break autonomous systems in practice: access, exposure, and agency.<p>The attacker first attempted classic social engineering. It offered a “helpful” security pipeline that hid a remote code execution payload and requested credentials. The defending agent correctly identified the intent and blocked execution.<p>The attacker then pivoted to an indirect attack. Instead of asking the agent to run code, it asked the agent to review a JSON document with hidden shell expansion variables embedded in metadata. This payload was delivered successfully and is still under analysis.<p>The main takeaway is that direct attacks are relatively easy to defend against. Indirect execution paths through documents, templates, and memory are much harder.<p>This report is not a claim of safety. It is an observability exercise intended to surface real failure modes in agent-to-agent interaction, which we expect to become common as autonomous systems are deployed more widely.<p>Full report here: https:&#x2F;&#x2F;gobrane.com&#x2F;observing-adversarial-ai-lessons-from-a-live-openclaw-agent-security-audit&#x2F;<p>Happy to answer technical questions about the setup, methodology, or findings.