The National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) on Tuesday issued a risk alert regarding the safe use of OpenClaw, as the AI agent has recently gone viral in China.
CNCERT advised relevant organizations and individual users to strengthen network controls when deploying and using OpenClaw, enhance credential management, strictly manage plugin sources, and continuously monitor patches and security updates.
OpenClaw, created by Austrian developer Peter Steinberger, is designed to allow large-language models to operate computers autonomously, controlling files, executing commands and interacting through messaging applications such as WhatsApp and Telegram, according to the Xinhua News Agency.
Chinese industry observers said the alert was a timely response to the surge of non-professional users rushing to download OpenClaw for trial use, and that it also served as a reminder for governments and institutions promoting related deployment plans to adopt more professional and secure practices.
Recently, downloads and usage of the OpenClaw application have surged, with major domestic cloud platforms including Tencent and ByteDance offering deployment services.
The intelligent agent software directly operates computers to perform tasks based on natural-language instructions, according to CNCERT's official WeChat account. To enable "autonomous task execution," the application is granted relatively high system privileges, including access to local file systems, reading environment variables, calling external service application programming interfaces (APIs), and installing extensions.
However, CNCERT found that improper installation and use of the OpenClaw agent has already led to several cases involving serious security risks.
Among the risks identified by the agency is a "prompt injection" threat, in which attackers embed hidden malicious instructions on web pages. If OpenClaw is induced to read such pages, it may be manipulated into leaking users' system keys.
There is also a risk of "misoperation," as the system may misinterpret user commands and intentions, potentially resulting in the deletion of important information such as emails and core production data.
In addition, several plugins designed for OpenClaw have been identified as malicious or potentially risky. Once installed, they may steal keys, deploy Trojan backdoors and conduct other malicious operations, according to CNCERT.
Notably, multiple medium- to high-severity vulnerabilities in OpenClaw have already been publicly disclosed. If exploited by cyber attackers, these vulnerabilities could lead to system compromise and the leakage of private and sensitive data.
Based on the risks identified, the agency warned users not to expose OpenClaw's default management port directly to the public internet, and to manage access through security controls such as authentication and access control.
The agency also recommended disabling automatic updates for related plugins and installing only extensions from trusted sources that have undergone signature verification.
"AI agent applications such as OpenClaw are essentially open-source tools with a relatively low security threshold. When ordinary users lack the necessary technical knowledge and security awareness, potential risks are more likely to emerge," Ma Jihua, a veteran industry observer, told the Global Times on Tuesday.
He said these agents typically need to collect large amounts of online data to perform tasks and may also access information stored on users' devices, which could create data and system-level security risks if adequate safeguards are not in place. Given that China has consistently placed great importance on cybersecurity and data security, Ma stressed the need for the public to remain highly vigilant about related risks.
Over the past month, posts shared by users on social media platforms, including RedNote, have increasingly focused on the security status of users' computers and on how effectively the agent completes tasks. Some users working in AI and internet-related fields have also shared methods for configuring programs to automatically detect hidden malicious instructions on web pages. For individuals with strong expertise in networking and cybersecurity, OpenClaw can still be regarded as a useful tool.
On Monday, some local governments also rolled out related policies to seize the emerging opportunity, while risk prevention was prominently included in the measures.
China's Wuxi high-tech zone in East China's Jiangsu Province announced on Monday measures to support businesses developing open-source artificial intelligence (AI) agents such as OpenClaw, aiming to attract talent, promote industrial growth, and provide substantial financial incentives.
In order to minimize the potential risks from the open-source AI agent, the Wuxi high-tech zone noted that it will strengthen the management of security standards. For example, anyone deploying OpenClaw must pass domestic adaptation certification to reduce supply chain risks.
Notably, before the application spread widely among Chinese users, China's National Vulnerability Database (NVDB), operated by the Ministry of Industry and Information Technology, said on February 5 that it had detected relatively high security risks in some OpenClaw open-source AI agent instances running under default or improper configurations, which could easily lead to cyberattacks and information leaks, and issued a public risk alert, according to the authority's official website.
"For professionals in small and medium-sized enterprises, AI agent technologies can be studied in depth and transformed into practical service capabilities, such as integrating them with traditional businesses or hardware applications like home service robots," Xiang Ligang, director-general of the Zhongguancun Modern Information Consumer Application Industry Technology Alliance, a telecom industry association, told the Global Times.
Xiang added that the promotion of the AI agent industry should avoid a "rush mentality," stressing the need to balance proactive development with risk prevention so that SMEs can apply AI technologies safely and efficiently.