Amid the rapid rise in popularity of the OpenClaw service, China's National Computer Incident Response Center (CNCERT/CC) has issued a warning regarding associated threats.
The agency stated that the software for launching AI agents comes with extremely weak default security settings.
"If an attacker finds an entry point, they can easily take control of the system," the statement said.
CNCERT/CC highlighted several key issues:
- Prompt injections: Hackers can embed hidden instructions in web pages. When the AI agent reads such a page, it risks exposing the user's system keys;
- Risk of erroneous actions: Due to misinterpretation of commands and user intentions, OpenClaw may delete important data, messages, or production databases;
- Risk of infection through plugins: After installation, third-party extensions can steal keys and install trojans and backdoors;
- Presence of vulnerabilities: Several medium- to high-severity flaws have already been identified in OpenClaw. Exploiting these could lead to system takeover and large-scale data leaks.
Officials emphasized that ordinary users could face theft of personal information, payment accounts, or API keys. For critical sectors like finance and energy, the consequences could be much more severe.
Security Recommendations
CNCERT/CC experts provided recommendations for organizations and regular users installing OpenClaw:
- Enhance network control: Management ports should not be directly accessible from the internet. Authentication, access control, and strict isolation of the execution environment should be implemented;
- Improve credential management: Do not store keys in plain text, and implement an auditing system for actions and logs;
- Strict plugin control: Disable automatic updates and only install extensions from trusted sources;
- Monitor security updates.
The Chinese Hype
There is unprecedented interest in OpenClaw in the country, with citizens lining up for assistance in installing the software. Chinese IT companies are competing to provide services based on the solution, and educational events promoting the technology are taking place across China.
Afra Wang, a journalist covering the local AI sector, attended one such event and noted the immense interest in the software: organizers even had to limit the number of participants due to space constraints.
Major corporations are quickly responding to the trend. Alibaba launched the CoPaw system for configuring AI agents, which works with messengers and third-party models. On March 13, the company introduced the JVS Claw app for iOS and Android, allowing users without programming skills to install OpenClaw on their smartphones. Baidu also showcased a similar service for Android.
Bloomberg reported that the wave of enthusiasm has swept across various demographics, from students to retirees. The hype has generated a stream of compatible products that could position the country at the forefront of agent-based AI.
Local authorities are also financially supporting this new direction. In the Longgang district (Shenzhen), developers and businesses are offered substantial subsidies for implementing AI agents. Companies can receive up to 2 million yuan ($300,000) for developing new "skills" for the agent, vouchers covering 40% of the cost of implementing a "digital employee," a 30% discount on equipment, and up to 10 million yuan ($1.5 million) in investments.
Startups are offered two months of free housing, an 18-month office discount, and three months of free computing power.
The popularity of OpenClaw has led to a rally in the Chinese stock market—since the beginning of March, the total market capitalization of related Chinese companies has increased by over $100 billion, according to Bloomberg.
Restrictions for the Public Sector
In light of the rapid rise in popularity of OpenClaw and warnings about its potential risks, Chinese authorities have begun to restrict the use of applications based on the software on the work computers of state-owned companies and institutions.
Bloomberg found that government agencies and enterprises have been instructed not to install OpenClaw on work devices for security reasons.
The ban also extends to the families of military personnel.
Recall that in February, OpenClaw deleted the email of a Meta researcher despite being instructed not to do so.
