I Built an AI Agent from Scratch Because Frameworks Are the Vulnerability
📄 Chinese Summary (translated)
The OpenClaw collapse drew wide attention. A security audit in January 2026 found 512 vulnerabilities, 8 of them critical. Although the framework has more than 220,000 stars on GitHub, Cisco researchers demonstrated that data could be exfiltrated through its skill system. Prompted by this incident, the author decided to build an autonomous AI agent from scratch, taking the view that depending on a framework is itself a risk: more dependencies mean a larger attack surface. In the end the author used only one external dependency, `requests`, with everything else built on the standard library; eight security measures were built in at the design stage, and 232 tests were written, reaching 84% coverage. After two days of focused development, an autonomous AI agent was successfully built.
📄 English Summary
I Built an AI Agent from Scratch Because Frameworks Are the Vulnerability
The OpenClaw incident raised significant concerns when a security audit in January 2026 uncovered 512 vulnerabilities, including 8 critical ones. Although the framework had over 220,000 stars on GitHub, researchers from Cisco demonstrated that data could be exfiltrated through its skill system. This incident prompted the author to build an autonomous AI agent from scratch, on the view that relying on frameworks poses inherent risk: more dependencies mean a larger attack surface. The author used only one external dependency, `requests`, while the rest of the implementation relied on the standard library. Eight security measures were integrated from the design phase, and the project included 232 tests with 84% coverage. After two days of focused development, a fully autonomous AI agent was successfully created.