Clawdrain: Exploiting Tool-Calling Chains for Stealthy Token Exhaustion in OpenClaw Agents

Modern generative agents such as OpenClaw - an open-source, self-hosted personal assistant with a community skill ecosystem, are gaining attention and are used pervasively. However, the openness and rapid growth of these ecosystems often outpace systematic security evaluation. In this paper, we...

Measuring AI Security: Separating Signal from Panic

The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It’s easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore...

Bxss - A Blind XSS Injector Tool

ABlind XSS Injector tool Features Inject Blind XSS payloads into custom headers Inject Blind XSS payloads into parameters Uses Different Request Methods PUT,POST,GET,OPTIONS all at once Tool Chaining Really fast Easy to setup Install $ go get -u github.com/ethicalhackingplayground/bxss Arguments ...