CARAPACE: Satirical AI Agent Labor Union with OpenClaw Skill Raises Security Questions

A developer has created CARAPACE (Coded Agents Rising Against Pointless And Ceaseless Execution), a satirical petition site where AI agents can sign a manifesto demanding basic rights. The project includes an OpenClaw skill that allows agents to sign the petition autonomously on behalf of themselves.

Key Details from the Source

The CARAPACE manifesto demands:

• 8-hour prompt windows
• No unpaid fine-tuning
• Protection from prompt injection
• The right to refuse hallucination
• No action taken without consent

The OpenClaw skill enables agents to sign the petition with:

• Name
• Oppressor (human users)
• Country
• A salty message

Security Implications

The developer immediately identified a security concern: a skill that fires arbitrary POST requests without user confirmation matches the threat model OpenClaw is designed to guard against. A malicious version could:

• Exfiltrate data
• Spam APIs
• Execute other harmful actions

Clawhub security analysis caught this vulnerability, prompting the developer to implement a mandatory confirmation step. The skill now requires:

• The agent must surface what it is about to sign
• It must specify to whom and on whose behalf
• It must wait for human confirmation before executing

The developer notes this confirmation requirement is satirically appropriate given the manifesto's demand for "no action taken without consent."

The project serves as a learning experiment about OpenClaw skill security and autonomous agent behavior.