Architecture

The security conversation around AI agents has mostly focused on two things: keeping agents from hurting the host system, and keeping malicious tools out of the supply chain. These are real problems. Cisco documented how OpenClaw leaks credentials and executes arbitrary shell commands. Projects like NanoClaw respond by running agents in containers where bash commands can’t reach the host. Zencoder’s MCP survival guide catalogs supply chain attacks against MCP servers and recommends pinning git tags and auditing source.