Trade Trends News

Urgent Alert: OpenClaw ("Lobster") AI Agent Exposes Major Security Vulnerabilities, Official Defense Guidelines Issued

     Recently, an open-source AI agent tool known as OpenClaw (codenamed "Lobster") has gained widespread adoption within the global developer community. However, its potential security risks have also triggered high alert among regulatory authorities. In response to vulnerabilities and attack surfaces exposed by this tool in typical application scenarios, the Cybersecurity Threats and Vulnerabilities Information Sharing Platform (NVDB) of China's Ministry of Industry and Information Technology has urgently issued specialized security risk alerts. Collaborating with multiple AI agent service providers, cybersecurity enterprises, and vulnerability collection platforms, the Ministry has proposed a systematic "Six Dos and Six Don'ts" defense strategy. This initiative aims to help government agencies, enterprises, and individual users effectively mitigate risks and strengthen their cybersecurity defenses.

I. Adhere to Authorized Sources and Strengthen Version Management

  【DO】Obtain the Latest Version from Official Channels: Users must download stable versions exclusively through OpenClaw's official distribution channels and enable automatic update notifications. Before performing version upgrades, ensure local backups of critical data are completed; after upgrading, restart services and verify that patches have been successfully deployed.

  【DON'T】Use Unofficial or Outdated Versions: It is strictly prohibited to use third-party mirror packages from unknown sources or historical versions that have not been updated for extended periods. Such versions often contain known and unpatched security vulnerabilities, making them easy targets for attackers.

II. Reduce Internet Exposure and Control Access Boundaries

  【DO】Regularly Inspect Public Network Exposure: Relevant organizations should establish regular self-inspection mechanisms, utilizing network mapping tools to identify any unintended public network exposure of internal assets. If OpenClaw instances are found exposed to the internet, they must be immediately taken offline for rectification.

  【DON'T】Directly Expose Instances to the Public Internet: In principle, OpenClaw AI agent instances should not be directly exposed to the public internet. If remote access is genuinely required, encrypted tunneling technologies such as SSH should be used, with strict restrictions on source IP address ranges. Additionally, strong password policies must be enforced, or high-strength authentication mechanisms such as hardware keys or digital certificates should be adopted.

III. Uphold the Principle of Least Privilege and Prevent Unauthorized Operations

    【DO】Strictly Limit Permission Scopes: During deployment and usage, strictly adhere to the "least privilege" principle, granting only the essential permissions required to complete necessary tasks. For high-risk operations involving file deletion, external data transmission, or modification of core system configurations, implement secondary confirmation or manual approval processes. It is recommended to run OpenClaw in isolated environments such as containers or virtual machines to achieve physical separation of permission domains.

  【DON'T】Deploy Using High-Privilege Accounts: It is strictly forbidden to run OpenClaw using high-privilege accounts such as system administrator or Root during deployment. If the AI agent is maliciously compromised, attackers will directly inherit these elevated privileges, leading to complete host takeover.

IV. Exercise Caution When Introducing Skill Packs and Guard Against Supply Chain Attacks 

   【DO】Review Skill Market Code: Before downloading extension function packs (skill packs) from third-party marketplaces like ClawHub, conduct rigorous security audits of the code to confirm the absence of malicious logic prior to installation.

  【DON'T】Install High-Risk Command Skill Packs: Maintain high vigilance regarding skill packs requiring sensitive operations such as "downloading ZIP archives," "executing shell scripts," or "interactive password input." Resolutely refrain from using such packs to prevent backdoors or malicious programs from being implanted.

V. Enhance Endpoint Protection Capabilities and Defend Against Social Engineering Attacks

  【DO】Enable Sandboxing and Log Auditing: Users are advised to enable sandboxing features in browsers or install web filters to block the execution of malicious scripts. Additionally, enable detailed log auditing functions to record all operational activities. Upon detecting suspicious network connections or system behaviors, immediately disconnect from the network and reset relevant passwords.

  【DON'T】Access Suspicious Online Resources: Enhance personal security awareness by refraining from browsing unverified websites, clicking links in unfamiliar emails or instant messages, or easily reading documents from unknown sources. This helps prevent credential leakage caused by browser hijacking or social engineering attacks.

VI. Establish Long-Term Protection Mechanisms and Respond Promptly to Alerts

  【DO】Continuously Monitor and Patch Vulnerabilities: Establish long-term security operations and maintenance mechanisms, regularly scanning and patching system vulnerabilities. Pay close attention to security announcements officially released by OpenClaw, as well as risk alert information from national-level vulnerability databases such as NVDB. Government agencies, enterprises, and institutions are encouraged to combine endpoint detection and response (EDR) systems, host protection software, and mainstream antivirus tools to build real-time protection capabilities, achieving early detection and timely handling of potential risks.

  【DON'T】Disable Critical Audit Functions: Never disable detailed log auditing functions in pursuit of performance or convenience. Doing so would make it impossible to trace the source of security incidents, losing the optimal opportunity for emergency response.

     The "Six Dos and Six Don'ts" recommendations issued by the Ministry of Industry and Information Technology provide a comprehensive security operations guide for global OpenClaw users. In an era where artificial intelligence and open-source technologies are deeply integrating, only by embedding security throughout the entire lifecycle of development, deployment, and operations can organizations truly reap the benefits of technology while avoiding becoming victims of cyber attacks.