Chinese cybersecurity authorities have launched comprehensive safety protocols addressing critical vulnerabilities in the rapidly deployed OpenClaw AI automation platform. The National Computer Network Emergency Response Coordination Center, in collaboration with the Cyberspace Security Association of China, unveiled detailed guidelines on Sunday to mitigate security risks associated with the open-source tool nicknamed “lobster” for its versatile task-handling capabilities.
The advisory follows a March 13 warning from the National Network and Information Security Information Center under the Ministry of Public Security, which identified widespread exposure of OpenClaw installations to the public internet. That exposure has made numerous deployments prime targets for malicious cyber operations, despite the platform’s innovative functionality.
Individual users are directed to install OpenClaw exclusively on dedicated devices, virtual machines, or properly isolated containers. The guidelines explicitly prohibit installation on primary work computers and advise against running the software with administrator or superuser privileges. Additionally, users are cautioned against processing or storing sensitive personal data within the OpenClaw environment to prevent potential breaches.
Enterprise and cloud service providers face strengthened requirements including mandatory security assessments, enhanced cloud host protections, integrated security safeguards, and reinforced supply chain integrity measures. These protocols aim to establish robust defense mechanisms against evolving threats.
Technical vulnerabilities identified include problematic architectural design elements, insecure default configurations that permit unrestricted external IP access, absence of authentication for remote connections, and unencrypted storage of sensitive information including API keys and conversation histories. Furthermore, the platform demonstrates critical weaknesses in permission controls during task execution, potentially enabling unauthorized actions, disregard of user commands, or harmful operations such as data deletion, information theft, and device hijacking.
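A deployment can be checked against three of the points above (superuser execution, a listener open to external addresses, and credentials stored in plaintext) with a short audit script. This is an added example, not code from the advisory or the OpenClaw project; the file name `settings.env`, the credential regex, and the function parameters are assumptions, and the script does not parse OpenClaw's real configuration format.

```python
import ipaddress
import os
import re
import stat
import tempfile

# Generic "name = long token" pattern; an assumption, not OpenClaw's real key format.
SECRET_RE = re.compile(r"(?i)\b(api[_-]?key|token|secret)\b\W{1,4}[A-Za-z0-9_\-]{16,}")

def check_privilege(euid):
    """Guideline: do not run with administrator or superuser privileges."""
    return [] if euid != 0 else ["process runs as root (euid 0)"]

def check_bind(addr):
    """Default-config weakness: listener reachable from unrestricted external IPs."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return []
    if ip.is_unspecified:
        return [f"listener on {addr} accepts connections on every interface"]
    return [f"listener on {addr} is reachable from other hosts; require authentication"]

def check_secret_file(path):
    """Storage weakness: API keys kept unencrypted and readable by other accounts."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} mode {mode:04o} grants group/other access")
    with open(path, "r", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if SECRET_RE.search(line):
                findings.append(f"{path}:{lineno} looks like a plaintext credential")
    return findings

def audit(euid, bind_addr, secret_paths):
    findings = check_privilege(euid) + check_bind(bind_addr)
    for p in secret_paths:
        findings += check_secret_file(p)
    return findings

def demo():
    # Constructed sample: a fake settings file with a made-up key, world-readable.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "settings.env")
        with open(path, "w") as fh:
            fh.write("MODEL=example\nAPI_KEY=EXAMPLEKEY0123456789abcdef\n")
        os.chmod(path, 0o644)
        return audit(0, "0.0.0.0", [path])

if __name__ == "__main__":
    for finding in demo():
        print("FINDING:", finding)
```

On a real host, pass `os.geteuid()`, the address the service is actually bound to, and the paths of the files that hold its keys and conversation history.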
