ClawJacked, Axios, and the Autonomous Agent Problem
TLDR; In a single 72-hour stretch of March 2026, we watched three independent attack surfaces on autonomous agents fail at once: OpenClaw’s localhost gateway (ClawJacked), the Axios npm package (a cross-platform RAT), and Anthropic’s own Claude Code source map leak — all converging on March 31. I’m not a security expert. I’m a DevOps practitioner who ran the homework before running the software, and this post is that homework. Part 1 is the problem. Part 2 will be what I’d want to be true before I run a personal assistant in a form of agent.
Read More
I Want a Personal Agent. I'm Not Running One Yet — Here's What Would Change That
TLDR;
In Part 1 I walked through the March 2026 failures: ClawJacked, the OpenClaw CVE flood, the Axios RAT, the Claude Code source map leak. This post is the constructive follow-up. I’m not anti-agent — I want a personal agent badly enough that I’ve been actively testing alternatives. But I’ve set a bar, and nothing I’ve tried clears it yet. Here’s what the bar looks like, what I’m testing (nanobot, nanoclaw, kubernetes-sigs/agent-sandbox), why prompt injection is the attack you can’t patch with a CVE, and the pre-flight checklist I’d want cleared before I point an agent at my real credentials.