Wedoany.com Report: On March 10th, the National Internet Emergency Center (CNCERT) issued a risk warning regarding the OpenClaw security application, directly pointing out that this globally popular open-source AI agent has significant security vulnerabilities. As the downloads and usage of OpenClaw (nicknamed "Crayfish" by the domestic developer community, formerly known as Clawdbot and Moltbot) have surged, mainstream cloud platforms in China have launched one-click deployment services, bringing its underlying security risks to light.
The National Internet Emergency Center pointed out that OpenClaw, as an agent software capable of directly controlling a computer to perform operations based on natural language instructions, is granted extremely high system permissions to achieve its core capability of "autonomous task execution." These permissions include accessing the local file system, reading environment variables, calling external service APIs, and installing extensions. However, due to its extremely weak default security configuration, once attackers find an entry point, they can easily gain full control of the system.
The notification indicates that improper installation and use of OpenClaw have already led to several types of serious security risks:
First is the risk of "prompt injection." Attackers can plant hidden malicious instructions in web pages and induce OpenClaw to read those pages, which may mislead it into leaking the user's system keys.
Second is the risk of "misoperation." If it misunderstands user instructions, OpenClaw might completely delete important information such as emails and core production data.
Third is the risk of malicious plugin poisoning. Several functional plugins for OpenClaw have been confirmed as malicious or as posing potential security risks. Once installed, they can perform malicious operations such as stealing keys and deploying Trojan backdoor software, turning the device into a "zombie machine."
Fourth is the risk of security vulnerabilities. To date, multiple high- and medium-risk vulnerabilities have been publicly disclosed for OpenClaw. If maliciously exploited, these could lead to system takeover and the leakage of private information and sensitive data.
For individual users, these risks could lead to the theft of sensitive information such as private data (e.g., photos, documents, chat records), payment accounts, and API keys. For critical industries like finance and energy, they could result in the leakage of core business data, trade secrets, and code repositories, or even paralyze entire business systems, causing immeasurable losses.
In response to the aforementioned risks, the National Internet Emergency Center has provided four security recommendations for relevant organizations and individual users:
1. Strengthen network controls. Do not expose OpenClaw's default management port directly to the public internet. Implement security management for access services through measures such as identity authentication and access control. Strictly isolate the runtime environment and use technologies like containers to limit excessive permissions.
2. Enhance credential management. Avoid storing keys in plaintext within environment variables, and establish a comprehensive operation log auditing mechanism.
3. Strictly manage plugin sources. Disable automatic updates and only install signed and verified extensions from trusted channels.
4. Continuously monitor for patches and security updates, and promptly perform version updates and install security patches.









