CNCERT Issues Risk Alert for OpenClaw AI Agent in China

The National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) has issued a crucial risk alert regarding OpenClaw, an AI agent that has been gaining traction in China. This move underscores the agency's concern over the security implications associated with the widespread use of this technology.
CNCERT has urged organizations and individual users to bolster their network security measures while utilizing OpenClaw. This includes enhancing credential management practices, meticulously overseeing plugin sources, and maintaining vigilant monitoring of system patches and updates.
Developed by Austrian engineer Peter Steinberger, OpenClaw is engineered to empower large language models to autonomously manage computer tasks. It facilitates operations such as file control and command execution, while also allowing user interaction through messaging platforms like WhatsApp and Telegram.
The application has seen a recent increase in downloads, with major domestic cloud service providers like Tencent and ByteDance offering deployment solutions. This surge highlights OpenClaw's rising prominence in the technology landscape.
Operating on the premise of natural-language instructions, OpenClaw is granted elevated system privileges for efficient task execution. These permissions encompass local file system access, interaction with environment variables, and the capability to invoke external service application programming interfaces (APIs).
CNCERT highlighted that improper use and configuration of OpenClaw have already led to multiple incidents involving significant security vulnerabilities. Among the threats flagged is the 'prompt injection' risk, wherein attackers may embed malicious directives into web pages that OpenClaw is directed to access.
Moreover, the agency noted a potential for 'misoperation' wherein the system could misinterpret user inputs, risking unintentional deletions of critical data including emails and essential production records.
Additionally, various plugins tailored for OpenClaw have been identified as either malicious or dubious. Such plugins pose the risk of stealing keys, introducing Trojan backdoors, and transforming affected devices into nodes for botnets.
Vulnerabilities classed as medium to high severity have been publicly disclosed in OpenClaw; if these weaknesses are exploited, there could be severe repercussions, including system breaches and exposure of sensitive information.
In light of the identified risks, CNCERT has advised against exposing OpenClaw's default management port to the public internet, recommending safeguards such as authentication and access control to mitigate potential threats.
Furthermore, the agency advised users to disable automatic updates for related plugins and to obtain extensions only from verified and trusted sources to enhance security against possible attacks.