How to test OpenClaw without giving an autonomous agent shell access to your corporate laptop

Security leaders have been faced with a new challenge as OpenClaw, an open-source AI agent, has seen a rapid increase in deployments, both at home and in corporate environments. Censys and Bitdefender have tracked the exponential growth of OpenClaw instances, with over 21,000 publicly exposed deployments in just under a week. This surge in adoption has raised concerns about the security risks associated with deploying OpenClaw on corporate machines.

Several critical vulnerabilities have been identified in OpenClaw, including CVE-2026-25253, a remote code execution flaw that allows attackers to steal authentication tokens and achieve full gateway compromise in milliseconds. Another vulnerability, CVE-2026-25157, enables arbitrary command execution through the macOS SSH handler. Additionally, a security analysis of skills on the ClawHub marketplace revealed that 7.1% of the registry contains critical security flaws that expose sensitive credentials in plaintext.

The security risks extend beyond OpenClaw itself, as the Moltbook AI agent social network, built on OpenClaw infrastructure, left its entire Supabase database publicly accessible, exposing API authentication tokens, email addresses, and plaintext OpenAI API keys. Furthermore, approximately 17% of skills analyzed exhibited malicious behavior.

To address these security concerns, Cloudflare has introduced the Moltworker framework, which provides a secure evaluation environment for OpenClaw. The framework utilizes ephemeral containers that isolate the agent, encrypted storage for persistent state, and Zero Trust authentication on the admin interface. This approach ensures that the agent is contained and secure, reducing the risk of data breaches and unauthorized access.

Setting up a secure evaluation instance using the Moltworker framework involves configuring storage and billing, generating tokens, deploying the agent, enabling Zero Trust authentication, and connecting a test messaging channel. The total cost for a 24/7 evaluation instance is affordable, making it a cost-effective solution for evaluating OpenClaw securely.

During the initial 30 days of evaluation, it is crucial to create dedicated test accounts and synthetic data to observe how the agent handles tasks without exposing sensitive information. Adversarial tests can be conducted in the sandbox environment to assess the agent’s behavior under risky conditions, such as prompt injection attacks and unauthorized access attempts.

By following a structured evaluation framework using the Moltworker sandbox, organizations can ensure that they are prepared to handle agentic AI deployments securely. Building evaluation infrastructure now will help security leaders stay ahead of the curve and mitigate the risks associated with deploying AI agents like OpenClaw.