OpenClaw Scanner Aims to Detect AI Agent Exposure

February 17, 2026

Astrix Security has announced the general availability of OpenClaw Scanner, a free tool designed to detect deployments of the open-source AI assistant OpenClaw (also known as MoltBot) across enterprise environments. The company positions the release as a practical response to a growing security gap around autonomous “agent-style” AI assistants.

For eeNews Europe readers tracking the rapid spread of AI agents into engineering and business workflows, the news is useful because it highlights a real-world visibility problem: tools that can execute commands and authenticate into internal systems may already be running on endpoints, outside central governance. It also offers a concrete mitigation step for security teams trying to understand their exposure quickly.

Why OpenClaw is on security teams’ radar

According to the release, as agent-style AI assistants gain traction, security teams are facing a “growing blind spot” involving autonomous agents operating on endpoints. These agents may have the ability to execute commands, access files, and authenticate to internal systems, often without centralized visibility or governance.

Astrix describes OpenClaw as “a textbook example of this emerging risk,” noting that it has raised alarm across the security community. Nearly two weeks ago, security researchers disclosed “widespread exposure and authentication weaknesses” across publicly accessible OpenClaw instances. Astrix says it conducted its own analysis after those disclosures and observed similar issues in real enterprise environments.

The company claims its findings included “critical misconfigurations” that could allow attackers to gain remote access to employee devices and establish persistent access to sensitive corporate systems such as Salesforce, GitHub, and Slack.

A free, read-only scanner

To help security professionals respond, Astrix has released OpenClaw Scanner as a standalone tool derived from the Astrix Security Platform. The company says the scanner relies on read-only EDR telemetry, runs locally, and “doesn’t execute anything on endpoints,” with the intent of avoiding additional endpoint risk or disruption.

The tool is described as a portable Python-based utility that can integrate with existing security controls and operate entirely within an organization’s perimeter. Astrix also says it produces contextual reporting that highlights where OpenClaw agents are present, including user and device context, to support faster mitigation. Astrix notes that, in addition to detection, the scanner includes remediation guidance, with step-by-step recommendations for investigating and addressing detected agent activity.
