Claw-Eval: Toward Trustworthy Evaluation of Autonomous Agents
| Authors | Bowen Ye et al. |
| Year | 2026 |
| HF Upvotes | 112 |
| arXiv | 2604.06132 |
| Download | |
| HF Page | View on Hugging Face |
Abstract
Large language models are increasingly deployed as autonomous agents executing multi-step workflows in real-world software environments. However, existing agent benchmarks suffer from three critical limitations: (1) trajectory-opaque grading that checks only final outputs, (2) underspecified safety and robustness evaluation, and (3) narrow modality coverage and interaction paradigms. We introduce Claw-Eval, an end-to-end evaluation suite addressing all three gaps. It comprises 300 human-verified tasks spanning 9 categories across three groups (general service orchestration, multimodal perception and generation, and multi-turn professional dialogue). Every agent action is recorded through three independent evidence channels (execution traces, audit logs, and environment snapshots), enabling trajectory-aware grading over 2,159 fine-grained rubric items. The scoring protocol evaluates Completion, Safety, and Robustness, reporting Average Score, Pass@k, and Pass^k across three trials to distinguish genuine capability from lucky outcomes. Experiments on 14 frontier models reveal that: (1) trajectory-opaque evaluation is systematically unreliable, missing 44% of safety violations and 13% of robustness failures that our hybrid pipeline catches; (2) controlled error injection primarily degrades consistency rather than peak capability, with Pass^3 dropping up to 24% while Pass@3 remains stable; (3) multimodal performance varies sharply, with most models performing poorer on video than on document or image, and no single model dominating across all modalities. Beyond benchmarking, Claw-Eval highlights actionable directions for agent development, shedding light on what it takes to build agents that are not only capable but reliably deployable.
Engineering Breakdown
Plain English
Claw-Eval is a comprehensive evaluation suite for autonomous agents that addresses critical gaps in existing benchmarks. The paper introduces 300 human-verified tasks across 9 categories spanning three domains: service orchestration, multimodal perception/generation, and professional dialogue. Instead of checking only final outputs like existing benchmarks, Claw-Eval records every agent action through three independent evidence channels—execution traces, audit logs, and environment snapshots—enabling trajectory-transparent grading. This approach provides trustworthy evaluation of agent behavior, safety, and robustness across diverse real-world interaction paradigms that existing benchmarks largely ignore.
Core Technical Contribution
Claw-Eval's core innovation is trajectory-transparent evaluation architecture that moves beyond black-box final-output checking. Rather than a single grading signal, the framework captures three independent evidence streams (execution traces, audit logs, environment snapshots) that allow auditors to reconstruct and verify the complete decision path of an autonomous agent. This multi-channel evidence approach enables fine-grained assessment of intermediate steps, error recovery, safety compliance, and robustness to perturbations—dimensions that binary pass/fail metrics cannot capture. The contribution also includes the first large-scale benchmark (300 tasks) systematically covering underexplored modalities and interaction paradigms (multimodal generation, multi-turn dialogue) alongside traditional task execution.
How It Works
Claw-Eval operates as a three-layer evaluation pipeline. First, the task layer defines 300 human-verified problems distributed across 9 categories in three groups: general service orchestration (API calls, workflow management), multimodal perception and generation (vision/text understanding, image/code generation), and multi-turn professional dialogue (customer service, technical support). Second, the instrumentation layer deploys agents in sandboxed environments and simultaneously records agent behavior through three independent channels: execution traces (function calls, return values, control flow), audit logs (system events, permission checks, resource access), and environment snapshots (screenshots, file system state, database contents at key moments). Third, the evaluation layer processes these three evidence streams to grade not just final outputs but intermediate reasoning quality, safety compliance (did the agent attempt forbidden operations?), and robustness (did it gracefully handle failures or adversarial inputs?). This multi-stream design prevents any single instrumentation from lying or being bypassed, creating trustworthy signal even for adversarial agent behavior.
Production Impact
For engineers deploying autonomous agents in production, Claw-Eval provides a framework to prevent the costly scenario where an agent achieves correct outputs but via unsafe, unreliable, or non-compliant intermediate steps. In practice, adopting this approach means instrumenting your agent environments with three independent observation systems (similar to how aircraft have redundant flight data recorders), which adds infrastructure overhead but catches failure modes that end-to-end metrics miss—for example, an agent that calls a forbidden API that happens to fail, then retries and succeeds, versus an agent that properly checks permissions first. The 300-task benchmark enables standardized pre-deployment validation before agents touch critical systems (financial transfers, medical records, etc.), reducing the risk of releasing agents that pass quick benchmarks but fail safety audits. Trade-offs include increased storage (3x observability streams), latency overhead from logging/snapshots, and the engineering cost to integrate three observation systems, but these are acceptable when agent errors create regulatory or financial liability.
Limitations and When Not to Use This
Claw-Eval's task set, while broader than existing benchmarks, is still curated and human-verified, meaning it may not fully represent the long tail of edge cases in production deployments—adversarial users will find failure modes outside the 300 tasks. The framework assumes access to sandboxed environments where you can instrument execution traces, audit logs, and snapshots; applying this to agents operating on legacy systems or third-party platforms without API access is non-trivial. The paper does not deeply address how to automatically assign blame or fault when multi-channel evidence conflicts or when agents operate in partially observable environments where true state cannot be captured in snapshots. Additionally, the evaluation framework is task-agnostic but may be biased toward tasks where deterministic grading is possible; creative or open-ended tasks (generating marketing copy, research brainstorming) are underrepresented and harder to grade via evidence replay.
Research Context
This work builds on the growing body of agent benchmarks (WebArena, SWE-bench, API-Bank) but directly addresses their documented limitations: trajectory opacity, weak safety evaluation, and narrow interaction modalities. It advances the broader research agenda of making AI systems auditable and interpretable by demonstrating that production-grade evaluation requires multiple independent observability streams, inspired by fault-tolerant systems engineering and aircraft certification standards. The multi-channel evidence approach aligns with emerging work on AI system transparency and safety (mechanistic interpretability, causal tracing) but applies these ideas at the systems level rather than the model internals level. This positions Claw-Eval as a building block for the next generation of agent benchmarks that prioritize trustworthiness alongside capability, which is likely to become standard as autonomous agents move into regulated domains.
:::tip Subscribe Get weekly breakdowns of papers like this in AI Letters - the newsletter for engineers building production AI systems. :::
