Thanks for helping make OpenClaw more secure. This threat model is a living document and we welcome contributions from anyone – you don’t need to be a security expert.<\/p>\n
Spotted an attack vector or risk we haven’t covered? Open an issue on openclaw\/trust<\/a> and describe it in your own words. You don’t need to know any frameworks or fill in every field – just describe the scenario.<\/p>\n Helpful to include (but not required):<\/strong><\/p>\n We’ll handle the ATLAS mapping, threat IDs, and risk assessment during review. If you want to include those details, great – but it’s not expected.<\/p>\n This is for adding to the threat model, not reporting live vulnerabilities.<\/strong> If you’ve found an exploitable vulnerability, see our Trust page<\/a> for responsible disclosure instructions.<\/p>\n<\/blockquote>\n Have an idea for how to address an existing threat? Open an issue or PR referencing the threat. Useful mitigations are specific and actionable – for example, “per-sender rate limiting of 10 messages\/minute at the gateway” is better than “implement rate limiting.”<\/p>\n Attack chains show how multiple threats combine into a realistic attack scenario. If you see a dangerous combination, describe the steps and how an attacker would chain them together. A short narrative of how the attack unfolds in practice is more valuable than a formal template.<\/p>\n Typos, clarifications, outdated info, better examples – PRs welcome, no issue needed.<\/p>\n This threat model is built on MITRE ATLAS<\/a> (Adversarial Threat Landscape for AI Systems), a framework designed specifically for AI\/ML threats like prompt injection, tool misuse, and agent exploitation. You don’t need to know ATLAS to contribute – we map submissions to the framework during review.<\/p>\n Each threat gets an ID like \n
\n
Suggest a Mitigation<\/h3>\n
Propose an Attack Chain<\/h3>\n
Fix or Improve Existing Content<\/h3>\n
What We Use<\/h2>\n
MITRE ATLAS<\/h3>\n
Threat IDs<\/h3>\n
T-EXEC-003<\/code>. The categories are:<\/p>\n