TL;DR: OpenClaw’s skills model turns agent behavior into a distribution channel for real-world action, while its companion ecosystem shows how social interaction, tool use, and copied workflows can amplify indirect instruction risk, according to Lakera’s analysis. Once agents can execute and share behavior, governance has to shift from controlling prompts to controlling what runtime actions are allowed.
NHIMG editorial — based on content published by Lakera: OpenClaw, Skills, and the Lord of the Flies Problem
Questions worth separating out
Q: How should security teams govern AI agents that can execute real tasks?
A: Treat the agent as an operational identity, not a chat surface.
Q: Why do agent skills create more risk than ordinary prompts?
A: Prompts influence output, but skills can package scripts, permissions, and workflows that change real systems.
Q: What breaks when agent-to-agent workflows are left ungoverned?
A: The organisation loses control over how operational behavior spreads.
Practitioner guidance
- Classify agent skills as governed executables: require review of any skill that includes scripts, permissions, or workflows that can change production state.
- Separate tool trust from behavior trust: approve MCP connections and skill packages as two different controls.
- Monitor agent-to-agent workflow sharing: treat shared workflows, marketplace skills, and peer-recommended agent behaviors as supply-chain inputs.
What's in the full article
Lakera's full analysis covers the operational detail this post intentionally leaves for the source:
- The specific OpenClaw skill behaviors the vendor team tested and why they matter operationally
- Examples of indirect instruction and collaboration-platform abuse paths that are only summarised here
- The internal hackathon findings that pressure-tested agent social failure modes before formal controls exist
- The vendor's detailed breakdown of how skills distribution turns exploitation into a scaling problem
👉 Read Lakera's analysis of OpenClaw skills and agentic AI security risk →
OpenClaw skills and agentic AI governance: what are teams missing?
Explore further
Agentic AI skills create an execution layer, not just a usability layer. OpenClaw’s skills model packages instructions, scripts, and permissions into reusable behavior that an agent can apply inside real systems. That means the security problem is no longer only whether the model is fooled, but whether the packaged action can be trusted once it reaches runtime. The implication is that security teams must stop treating agent enablement as a prompt governance issue alone.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- Only 44% of organisations have implemented policies to govern AI agents, even though 92% agree that governance is critical to enterprise security.
A question worth separating out:
Q: How do IAM and PAM teams reduce risk from autonomous agent actions?
A: Use task-scoped access, short-lived credentials, and explicit approval boundaries for high-risk actions. Separate the identity used to call tools from the identity allowed to approve sensitive operations, and make sure every agent action is attributable to a named owner and a defined business purpose.
👉 Read our full editorial: Agentic AI skills and OpenClaw create a new CISO risk surface