At a Glance
Users need clear, post-task traces of what AI helpers did — not just warnings — so they can spot risky actions, understand lasting changes, and undo or clean up effects.
ON THIS PAGE
Key Findings
Many people sense that AI desktop helpers are risky but cannot name what those risks are or what the helper actually changed. Adoption often happens because of social pressure or urgency, not because users understand the authority they granted. People across skill levels want tools that show a step-by-step timeline, what files or settings were touched, which account or tool had authority, and what persistent effects remain. A prototype called AgentTrace that surfaces five coordinated post-hoc views helped participants reconstruct actions, identify risky operations, and plan remediation, leading to more calibrated trust.
Data Highlights
1Interview study: 16 participants across non-technical, technical, and expert deployer groups.
2Trace framework: five trace dimensions / five coordinated views (task timeline, resource touchpoints, permission history, action provenance, persistent side effects).
3Corpus: materials drawn from five source types (official docs, advisories, security reports, news, tutorials/discussion).
What This Means
Product managers and designers of desktop AI helpers should prioritize post-task auditability to keep users safe and confident. Engineers and security teams building or deploying agentic tools should add trace logging and user-facing reconstruction to make remediation practical. HCI and security researchers can use the five-dimension trace model as a checklist for evaluating real-world agent ecosystems.
Need expert guidance?We can help implement this
Key Figures
Fig 1: Figure 1. Problem framing of this paper. Users delegate tasks and authority to personalized computer-use agents through skills, tutorials, and setup choices, yet the agent’s execution can remain opaque across files, tools, network access, and persistent system changes. We propose AgentTrace, a traceability-oriented interface that makes actions, touched resources, permissions, provenance, and residual side effects legible after task execution.
Fig 2: Figure 2. Conceptual decomposition of a personalized computer-use agent. Such systems combine mixed-trust inputs, an agent core, execution surfaces, persistent state, extensibility mechanisms, and user-visible outputs. This structure helps explain why users may struggle to understand what the agent can access, what it changed, and what remains after task execution.
Fig 3: Figure 3. AgentTrace , our traceability-oriented prototype for personalized computer-use agents. The interface combines five coordinated views for post-hoc auditing: a task timeline, a resource touch map, a permission and authority history, an action provenance inspector, and a persistent change summary. Together, these views help users reconstruct what the agent did, what it touched, under what authority it acted, why actions occurred, and what residual changes remained after execution.
Fig 4: Figure 4. AgentTrace turns opaque agent execution into post-hoc audit support. Starting from a high-level user request, personalized computer-use agents may perform multi-step operations involving tools, imported skills, external content, and persistent system changes. AgentTrace organizes this behavior into five coordinated views—task timeline, resource touchpoints, permission history, action provenance, and persistent change summary—to help users reconstruct what happened and determine whether follow-up review or remediation is needed.
Ready to evaluate your AI agents?
Learn how ReputAgent helps teams build trustworthy AI through systematic evaluation.
Learn MoreKeep in Mind
The interview sample was small (16 people) and scenario-based, so findings are suggestive rather than definitive for all user populations. The prototype evaluation used mockups and controlled scenarios rather than a full production deployment, so implementation details and performance trade-offs remain untested. The study centered on one visible ecosystem (OpenClaw) as a motivating case, so some behaviors and risks may differ for other agent platforms or closed systems.
The Details
The study combined a multi-source ecosystem corpus, an interview study, and a prototype design-and-evaluation cycle to understand how people reason about personalized desktop AI helpers that can run commands, install dependencies, and modify local state. The corpus collected evidence from five source types (official documentation, advisories, security reports, news, and tutorials) to map common incidents, pathways to adoption, and lifecycle risks. Sixteen participants—spanning non-technical users, hands-on technical users, and expert deployers—were interviewed about first exposure, perceived risks, uninstall confidence, and audit needs. Interviews used grounded scenarios (third-party skill installs and local script execution) and low-fidelity mockups to probe which audit views helped participants make sense of agent behavior.
From those findings, the team derived a traceability framework emphasizing five post-hoc dimensions: task timeline, resource touchpoints, permission history, action provenance, and persistent side effects. AgentTrace, a prototype interface, organizes these five coordinated views to help users reconstruct what happened, under what authority each action ran, what resources were affected, and what remains after apparent removal. In scenario-based tests, participants used AgentTrace views to better identify unexpected or risky operations and to decide what cleanup or rollback was needed. The broader implication is that safety for action-capable AI helpers requires not only upfront permissions and filters but usable, post-task visibility that supports inspection, correction, and governance. traceability framework and audit views help anchor governance and accountability.
Need expert guidance?We can help implement this
Credibility Assessment:
Single author with low h-index (4), no listed affiliation, and arXiv preprint with no citations — limited/ emerging signal.