en.Wedoany.com Report, To help users safely utilize the globally trending AI agent framework OpenClaw, the National Internet Emergency Center and the Cyberspace Administration of China jointly released the "OpenClaw Secure Usage Practice Guide" on March 22. This guide targets different groups including general users, enterprise users, cloud service providers, and technical developers, proposing tailored security protection recommendations.

As an AI agent software capable of directly controlling computers to perform tasks based on natural language instructions, OpenClaw enhances work efficiency but also raises security concerns due to its fragile default security configurations and excessive permissions. The National Internet Emergency Center had previously issued a risk warning on March 10, pointing out multiple risks associated with the application, such as prompt injection, misoperation, plugin poisoning, and security vulnerabilities. The newly released Secure Usage Practice Guide provides further detailed and practical guidance based on the earlier risk warning.

For general users, the guide recommends installing OpenClaw on dedicated devices, virtual machines, or containers with proper environment isolation, and avoiding installation on daily work computers; not running OpenClaw with administrator or superuser privileges; not storing or processing private data within the OpenClaw environment; and promptly updating OpenClaw to the latest version to ensure that publicly disclosed medium and high-risk vulnerabilities are patched.

For enterprise users, the guide emphasizes establishing security usage policies at the organizational level, including strict review of OpenClaw's deployment environment, restricting its access to sensitive systems and data, establishing operational log auditing mechanisms, and supervising and training employees on OpenClaw usage.

For cloud service providers, the guide proposes three core recommendations: conducting security assessments and hardening at the foundational security level of cloud hosts; deploying and integrating security protection capabilities, providing tenants with necessary security protection options; and ensuring supply chain and data security protection to guard against risks arising from plugins or dependent components.

For technical developers and open-source community contributors, the guide suggests focusing on code security audits for OpenClaw, avoiding the introduction of malicious plugins or extensions with security flaws; following secure coding practices during development and promptly fixing known vulnerabilities; and actively participating in community security responses to collectively maintain the security of the OpenClaw ecosystem.

The release of this guide reflects regulatory authorities' high level of attention to the security of the AI agent ecosystem. As the penetration of OpenClaw and similar AI Agent applications continues to increase across various industries, establishing a comprehensive security system spanning usage norms to technical protections has become a crucial task for ensuring the healthy development of AI applications.