China’s National Computer Network Emergency Response Technical Team has warned locals that the OpenClaw agentic AI tool poses significant security risks.
In a Tuesday post to its WeChat account, the CERT warned that OpenClaw has “extremely weak default security configuration” and must therefore be handled with extreme care.
The CERT is worried that attackers can target the tool by embedding malicious instructions in web pages, and that poisoned plugins for the agentic tool can put users at risk. China’s cyber-advisors also point out that OpenClaw has already disclosed several severe vulnerabilities that can result in credential theft and therefore enable serious attacks.
User error is another concern, as the CERT thinks OpenClaw users may inadvertently delete important data.
The organization recommends users isolate OpenClaw in a container, keep its management port isolated from the public internet, and implement strict authentication and access control procedures to keep attackers away from the agentic tool. The CERT also suggests that users disable automatic updates and restrict access to OpenClaw plugins.
The CERT’s advice is a little less alarmist than that offered by analyst firm Gartner, which in early February described OpenClaw as an “unacceptable cybersecurity risk” for business user, while also recommending users only run it in isolated nonproduction virtual machines with throwaway credentials.
The warning opens with the observation that China has seen a “surge in downloads and usage” for OpenClaw and its derivatives, thanks in part to “major domestic cloud platforms offering one-click deployment services.” One example of such offerings comes from web giant Tencent, which launched an OpenClaw-based tool called “Work Buddy” on Monday, and claimed users can set it up and integrate it with multiple chat platforms in minutes.
A day after China’s CERT posted its advice, local authorities reportedly banned the use of OpenClaw at some government agencies and state-run banks. ®
Source: The register