Detecting Enterprise Autonomous AI Agents with OpenClaw’s First Open‑Source Scanner

A new free open‑source tool, the OpenClaw scanner, has been released to help organizations detect autonomous AI agents—specifically instances of OpenClaw (also known as MoltBot)—running in their enterprise environments.

Recent deployments of OpenClaw have revealed security risks such as exposed APIs, leaked API keys, cloud credentials, and unauthorized access to systems like Salesforce, GitHub, and Slack due to misconfigurations.

The scanner operates in a non‑invasive, read‑only mode. It analyzes existing endpoint detection and response (EDR) telemetry data—e.g., from CrowdStrike or Microsoft Defender—by looking for behavioral indicators of OpenClaw activity, without installing new agents or transmitting data outside the network.

Reports generated by the scanner remain inside the organization and include contextual information about the devices and users involved in the detected activity.

According to Ofek Amir, Vice President of Research and Development at Astrix Security, the design intentionally avoids executing code on endpoints or sharing data externally, making it suitable for enterprise use. Amir also indicated plans to extend the scanner to support additional agents such as SentinelOne and to add detection capabilities beyond OpenClaw as demand grows.

The OpenClaw scanner is publicly available on PyPI.