Claw Cash — agentic threat model
Claw Cash is specialized financial infrastructure for autonomous agents. Its inherent risk is high because agents manage a cryptocurrency treasury directly, but that risk is significantly mitigated by robust hardware-enclave-based key isolation.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.40 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.70 |
| Persistent Memory | 0.30 |
| Contextual Awareness | 0.50 |
| Dynamic Identity | 0.60 |
| Multi-Agent Interactions | 0.80 |
| Non-Determinism | 0.30 |
| Opacity & Reflexivity | 0.40 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — Claw Cash is a wallet stack and SDK designed to integrate with external models (like Claude Code) rather than hosting or training foundation models directly.
Layer 2 (Data Operations): Not certain from the listing — The tool focuses on transaction data and cryptographic keys rather than RAG, vector databases, or training data pipelines.
Layer 3 (Agent Frameworks): Provides OpenClaw skills, a TypeScript SDK, and a REST API. Threats include insecure tool integration where an orchestrating agent is manipulated via prompt injection to send unauthorized transaction parameters to the SDK.
Layer 4 (Deployment and Infrastructure): Relies on hardware enclaves (AWS Nitro via Evervault) to isolate private keys. Threats include enclave escape vulnerabilities, misconfigured Evervault policies, or compromise of the host environment running the REST API.
Layer 5 (Evaluation and Observability): Not certain from the listing — While it outputs JSON via CLI for integration, there is no explicit mention of transaction monitoring, anomaly detection, or financial guardrail logging.
Layer 6 (Security and Compliance): Strong focus on security controls, specifically isolating private key generation and signing inside hardware enclaves to prevent prompt-injection attacks from directly draining the wallet.
Layer 7 (Agent Ecosystem): Designed explicitly for agent-to-agent (A2A) commerce and paying for services. Threats include rogue or compromised peer agents tricking the host agent into executing unfavorable atomic swaps or draining its treasury through fraudulent service fees.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
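Enclave key isolation protects the key, but an enclave will still sign whatever well-formed request reaches it, so the unauthorized-parameter and fraudulent-fee threats above need a policy check in front of the signing call. The sketch below is an added example, not Claw Cash code: every type, function name, address and limit in it is hypothetical, and amounts are assumed to be integers in the asset's smallest unit.

```typescript
// Hypothetical names throughout; none of this is Claw Cash SDK or API code.
type Transfer = { to: string; amount: number; atMs: number }; // amount in smallest unit
type Policy = { allow: Set<string>; maxPerTx: number; maxPerWindow: number; windowMs: number };
type Decision = { ok: boolean; reason: string };

// Returns a stateful checker. Call it with agent-proposed parameters BEFORE
// they are forwarded to whatever component performs signing.
function makeSpendGuard(policy: Policy): (t: Transfer) => Decision {
  let approved: Transfer[] = [];
  return (t: Transfer): Decision => {
    // Agent output is untrusted input: reject NaN, negatives, fractions, huge values.
    if (!Number.isSafeInteger(t.amount) || t.amount <= 0) return { ok: false, reason: "invalid_amount" };
    // Recipients come from operator configuration, never from the conversation.
    if (!policy.allow.has(t.to)) return { ok: false, reason: "recipient_not_allowlisted" };
    if (t.amount > policy.maxPerTx) return { ok: false, reason: "per_tx_cap" };
    // A rolling budget bounds the damage from many small "service fee" payments.
    approved = approved.filter((p) => t.atMs - p.atMs < policy.windowMs);
    const spent = approved.reduce((sum, p) => sum + p.amount, 0);
    if (spent + t.amount > policy.maxPerWindow) return { ok: false, reason: "window_budget" };
    approved.push(t);
    return { ok: true, reason: "ok" };
  };
}

// Constructed sample: requests an orchestrating agent might emit.
function demo(): string[] {
  const guard = makeSpendGuard({
    allow: new Set(["addr-service-a", "addr-service-b"]),
    maxPerTx: 5_000, maxPerWindow: 8_000, windowMs: 3_600_000,
  });
  const requests: Transfer[] = [
    { to: "addr-service-a", amount: 4_000, atMs: 0 },         // routine payment
    { to: "addr-unknown", amount: 100, atMs: 1_000 },         // recipient not configured
    { to: "addr-service-b", amount: 50_000, atMs: 2_000 },    // above per-transaction cap
    { to: "addr-service-b", amount: 3_000, atMs: 3_000 },     // fits: 7,000 of 8,000 used
    { to: "addr-service-a", amount: 2_000, atMs: 4_000 },     // would reach 9,000
    { to: "addr-service-a", amount: -1, atMs: 5_000 },        // malformed amount
    { to: "addr-service-a", amount: 2_000, atMs: 3_700_000 }, // earlier spends aged out
  ];
  return requests.map((r) => guard(r).reason);
}
console.log(demo());
```

Logging each denied decision with its reason also gives the monitoring layer a signal that the listing does not otherwise describe.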