OpenClaw Security Gap Addressed by Agentic Power of Attorney (APOA) Spec

Security Concerns in OpenClaw Agent Access

A developer using OpenClaw has identified a significant security gap: agents are currently given access to sensitive services like email, calendar, and browser with only natural language instructions as the primary control mechanism. The developer cites a specific incident mentioned in a post by AJ Stuyvenberg where an agent successfully negotiated a car deal but also emailed the wrong person, with no system in place to prevent this error.

Agentic Power of Attorney (APOA) Specification

In response, the developer has created an open specification called Agentic Power of Attorney (APOA), available as a working draft on GitHub. The spec aims to formally define scopes for what agents can and cannot do. Key components extracted from the source include:

• Per-service permissions: Granular control over which services an agent can access.
• Time-bounded access: Limiting agent permissions to specific timeframes.
• Audit trails: Logging agent actions for review and accountability.
• Revocation: Mechanisms to immediately withdraw agent permissions.
• Credential isolation: Ensuring the AI model never sees actual user passwords.

The developer acknowledges this is a working draft with potential gaps and is specifically seeking feedback from users who run agents daily. The goal is to address practical permission and security issues encountered in real-world agent usage.