Astrix Security today released OpenClaw Scanner, a free Python-based tool that detects OpenClaw (also known as MoltBot) deployments across enterprise environments using read-only EDR telemetry. The release comes two weeks after security researchers exposed widespread authentication weaknesses in publicly accessible OpenClaw instances. The scanner addresses what Astrix calls a growing blind spot: autonomous AI agents running on endpoints with command execution, file access, and internal system authentication, all without centralized governance or visibility.
The OpenClaw Security Problem
Astrix's own analysis found critical misconfigurations in real enterprise environments that could enable attackers to gain remote access to employee devices and establish persistent access to corporate systems like Salesforce, GitHub, and Slack. "OpenClaw and similar autonomous agents represent a breakthrough in operational automation, but they also introduce unprecedented risk," said Idan Gour, Astrix Security Co-Founder and President. "The OpenClaw Scanner is purpose-built to help teams answer the critical question: Are AI agents running in my environment?"
How the Scanner Works
The tool is non-intrusive: it uses read-only EDR data to identify evidence of OpenClaw execution without deploying additional agents or executing code on target systems. It's designed as a portable Python tool that integrates with existing security controls and runs entirely within an organization's perimeter. The scanner generates clear, portable reports highlighting where OpenClaw agents are present, with user and device context to support rapid mitigation. It also includes step-by-step recommendations for investigating and addressing detected agent activity.
Why This Matters
Agent-style AI assistants are gaining traction in enterprises, but they're creating a new class of Shadow AI risk. These agents can enable shell access, data movement, and network connectivity outside standard security controls. Astrix notes that AI agents and other Non-Human Identities (NHIs) now outnumber humans 100:1 in enterprise environments, yet remain largely ungoverned, creating what the company calls "the biggest blindspot in our identity perimeter."
Key Takeaways
- OpenClaw Scanner is available as a free download via PyPI (pypi.org/project/astrix-openclaw-scanner/)
- Uses read-only EDR telemetry, with no code execution on endpoints
- Provides user and device context for rapid mitigation
- Astrix plans ongoing enhancements and threat detection research
The Bottom Line
This is the first major security vendor to release a dedicated detection tool for OpenClaw, a sign that autonomous AI agents are moving from experimental to enterprise threat. If you're running OpenClaw in your org, your security team probably wants to know about it. Now they can find out without asking.