Clawmium — agentic threat model

AIVSS 8.6 · High

Clawmium is an infrastructure hosting platform for OpenClaw agents rather than an active AI agent itself, presenting high infrastructure-level risks due to provisioning full root access on VPS instances without built-in security guardrails.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.14 · Factor sum 0.9/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.10
Contextual Awareness: 0.10
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.10
Non-Determinism: 0.10
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — Clawmium is an infrastructure hosting platform; the specific foundation models used, and their associated adversarial or alignment risks, depend entirely on the user's OpenClaw configuration.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — While Clawmium hosts the VPS, data operations, vector databases, and RAG pipelines are managed within the deployed OpenClaw framework rather than by Clawmium itself.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — The orchestration, planning, and tool-calling capabilities are defined by the OpenClaw framework and user-developed agent code, not Clawmium's deployment layer.

L4 · Deployment & Infrastructure ✓ mapped

Clawmium provides self-hostable cloud hosting with full root access on global VPS locations. This introduces significant risks of host compromise, privilege escalation, and lateral movement if the deployed OpenClaw instance or the VPS itself is misconfigured.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — Clawmium simplifies infrastructure setup but does not explicitly mention built-in evaluation, guardrails, or observability tools for the hosted agents.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — Clawmium provides full root access to the VPS, leaving identity, authorization, and compliance controls entirely to the user's configuration without platform-enforced policies.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — OpenClaw supports multi-agent setups, but Clawmium's hosting layer does not natively manage or restrict agent-to-agent trust or marketplace interactions.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).