CNCERT issues risk alert on OpenClaw as AI agent goes viral in China
Published: Mar 10, 2026 09:44 PM
OpenClaw Photo: VCG

The National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) on Tuesday issued a risk alert regarding the safe use of OpenClaw, as the AI agent has recently gone viral in China.

CNCERT advised relevant organizations and individual users to strengthen network controls when deploying and using OpenClaw, enhance credential management, strictly manage plugin sources, and continuously monitor patches and security updates.

OpenClaw, created by Austrian developer Peter Steinberger, is designed to allow large language models to operate computers autonomously, controlling files, executing commands and interacting through messaging applications such as WhatsApp and Telegram, according to the Xinhua News Agency.
 
Recently, downloads and usage of the OpenClaw application have surged, with major domestic cloud platforms including Tencent and ByteDance offering deployment services.

The intelligent agent software directly operates computers to perform tasks based on natural-language instructions, according to CNCERT's official WeChat account. To enable "autonomous task execution," the application is granted relatively high system privileges, including access to local file systems, reading environment variables, calling external service application programming interfaces (APIs), and installing extensions.

However, CNCERT found that improper installation and use of the OpenClaw agent has already led to several cases involving serious security risks.

Among the risks identified by the agency is a "prompt injection" threat, in which attackers embed hidden malicious instructions on web pages. If OpenClaw is induced to read such pages, it may be manipulated into leaking users' system keys.

There is also a risk of "misoperation," as the system may misinterpret user commands and intentions, potentially resulting in the deletion of important information such as emails and core production data.

In addition, several plugins designed for OpenClaw have been identified as malicious or potentially risky. Once installed, they may steal keys, deploy Trojan backdoors and conduct other malicious operations, turning affected devices into "botnet nodes," according to CNCERT.

Notably, multiple medium- to high-severity vulnerabilities in OpenClaw have already been publicly disclosed. If exploited by cyber attackers, these vulnerabilities could lead to system compromise and the leakage of private and sensitive data.

Based on the risks identified, the agency warned users not to expose OpenClaw's default management port directly to the public internet, and to manage access through security controls such as authentication and access control.

The agency also recommended disabling automatic updates for related plugins and installing only extensions from trusted sources that have undergone signature verification.