Settings.json: 16 scoped Bash grants (was 6 wildcards), 26-pattern deny list (was 5).
CVE mapping: all 9 OpenClaw CVEs mapped to specific defenses with layer documentation.
Scan results: posture Grade D (expected without llm-security), deep scan 0 critical/high.
Hooks README: Option A — document llm-security hooks, recommend plugin installation.
README: evidence-based security section with scan data and verification instructions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Data-driven comparison covering 9 CVEs, 10 security categories,
and attack surface analysis. Based on published research from
SecurityScorecard, DigitalOcean, Sangfor, and OpenClaw official docs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Major update based on Anthropic's March 24, 2026 releases:
- feature-map.md: expanded from 20 to 22 capabilities, gaps reduced
from 2 to 1 (only Canvas/A2UI remains)
- examples/11-computer-use: desktop control via screenshots and clicks
- examples/12-remote-control: /rc and Dispatch for phone control
- examples/13-auto-mode: AI safety classifier for autonomous execution
- cowork-integration/: how Code + Cowork + Dispatch together replicate
OpenClaw's full feature set
- security/auto-mode-explained.md: deep-dive on the new permission mode
- Updated README with broader ecosystem table and revised scores
Score: 12 full match (55%), 9 different approach (41%), 1 gap (4%)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
