CLAWBACK! The Chinese govt is warning the public about the risk of using OpenClaw! This is after local municipal governments went on a Claw-promotion spree encouraging everyone from housewives to seniors to “raise a lobster”
“Note this is the actual branch of central govt that is technologically literate, not the boomer-led municipal govt that promoted this. I hope nothing serious happens. Otherwise some municipal govt cadres will lose their jobs”
According to the risk notice:
Risk Warning Regarding the Security Use of OpenClaw
Source: CNCERT (China’s National Computer Network Emergency Response Technical Team)
Date: March 10, 2026
Recently, the application OpenClaw (also known as “小龍蝦 / Crayfish”, formerly called Clawdbot and Moltbot) has become extremely popular for download and use. Major domestic cloud platforms now provide one-click deployment services.
This intelligent agent software can directly control computers through natural language instructions. In order to achieve the capability of autonomously executing tasks, the application is granted relatively high system permissions, including:
• Accessing the local file system
• Reading environment variables
• Calling external service APIs
• Installing extensions and plugins
However, because the default security configuration is extremely weak, if attackers discover a vulnerability they may easily obtain full control of the system.
Recently, due to improper installation and use of OpenClaw agents, several serious security risks have already appeared:
⸻
1. Prompt Injection Risk
Attackers can embed hidden malicious instructions inside web pages.
If OpenClaw reads that webpage, it may be tricked into executing those instructions, potentially causing the system to leak user secrets or credentials.
⸻
2. Operational Error Risk
Because the AI may misunderstand user commands or intent, OpenClaw could accidentally delete important information such as:
• Email
• Core production data
• Other critical files
⸻
3. Malicious Plugin (Skills) Risk
Multiple plugins designed for OpenClaw have already been identified as malicious or potentially dangerous.
After installation, they may:
• Steal cryptographic keys
• Install trojans or backdoors
• Turn the device into a “botnet node” (“肉雞” – literally “zombie computer”)
⸻
4. Security Vulnerability Risk
Several high- and medium-severity vulnerabilities in OpenClaw have already been publicly disclosed.
If exploited, attackers may gain:
• System control
• Access to private data
• Access to sensitive information
For individual users, this could expose:
• Photos
• Documents
• Chat histories
• Payment accounts
• API keys
For critical sectors such as finance or energy, this could lead to:
• Leakage of core operational data
• Exposure of business secrets
• Leakage of source code repositories
• System outages or paralysis
Potential losses could be very difficult to estimate.

@h/t @MrBig2024
