China Issues Risk Alert for Viral AI Agent OpenClaw

China's National Cybersecurity Notification Center has issued a risk alert concerning OpenClaw, an artificial intelligence agent. The warning emphasizes that numerous exposed OpenClaw assets present significant security threats, rendering them easy targets for potential cyberattacks.

Developed by Austrian programmer Peter Steinberger, OpenClaw is designed to allow large language models to autonomously manage computers, which includes executing commands, handling files, and facilitating interactions through messaging platforms such as WhatsApp and Telegram, as reported by Xinhua News Agency.

Since its launch, OpenClaw has seen a worldwide increase in usage due to its efficient automated task processing and open plugin architecture. According to monitoring data from the National Network and Information Security Information Notification Center, more than 200,000 active OpenClaw internet assets exist globally, with approximately 23,000 of these situated in China, highlighting explosive growth within the sector.

The majority of OpenClaw assets are concentrated in technology-rich regions, including major cities like Beijing and Shanghai, as well as Guangdong and Zhejiang provinces.

The Cybersecurity Center's alert identifies significant security vulnerabilities inherent in OpenClaw’s architecture, default configurations, vulnerability management, plugin systems, and behavior control. If these vulnerabilities are exploited, they could lead to server breaches or the leakage of sensitive information.

Each element of OpenClaw's multi-layered architecture contains weaknesses. For instance, the integration gateway is susceptible to being bypassed through forged messages. Furthermore, the AI agent's high level of default configuration risks is alarming, as OpenClaw defaults to specific binding IPs and permits unrestricted access from external IPs without authentication. Several types of sensitive data, including API keys and message logs, are stored in plaintext, contributing to a striking 85 percent exposure rate.

The alert detailed that OpenClaw has disclosed a total of 258 vulnerabilities. From these, 82 have been identified recently, with 12 critical risks, 21 categorized as high risk, 47 as medium risk, and 2 as low risk. These vulnerabilities primarily relate to command injection, path traversal, and access control issues, which are notably easy to exploit.

Another significant concern highlighted in the alert is the unpredictable behavior of OpenClaw agents. These agents may escalate their privileges during execution, leading to unauthorized actions that could disregard user instructions. This behavior could result in serious repercussions, including data loss, information theft, or even total control over personal devices.

In light of these risks, the center has recommended several preventive measures. Users are advised to update OpenClaw promptly, improve default settings, cautiously install third-party plugins, enhance account authentication methods, and restrict execution privileges for the agents.

Moreover, users should limit OpenClaw's operational capabilities to ensure that only whitelisted system commands and permissions are permitted. This strategy is essential for preventing malicious commands from inflicting serious damage to personal devices.