Show HN: ClawSandbox – 7/9 attacks succeeded against an AI agent w/ shell access (github.com)

A recent announcement highlights the development of ClawSandbox, a security benchmarking tool designed to evaluate vulnerabilities in AI agents capable of executing code on local machines. In a test involving the OpenClaw agent augmented with Gemini 2.5 Flash, researchers found that 7 out of 9 attack scenarios succeeded, showcasing significant security threats such as prompt injection, memory poisoning, and privilege escalation. These vulnerabilities are not limited to OpenClaw; they apply to any AI agent that can execute shell commands or manage persistent memory, raising concerns for a wide range of AI implementations. This project is noteworthy for the AI/ML community as it underscores the urgent need for enhanced security measures in AI systems, particularly those that interact with user data or run code autonomously. ClawSandbox employs a model-agnostic approach that allows developers to test various AI agents through a simple methodology — users can swap prompts and API endpoints to assess their agents' vulnerabilities. The findings reveal serious flaws in current AI agent configurations, including the potential for critical data exfiltration stemming from insecure file access and memory management practices. As AI systems become increasingly integrated into sensitive applications, tools like ClawSandbox are pivotal for identifying and mitigating security risks.