Ministry of Industry and Information Technology NVDB issues "Six Do's and Six Don'ts" recommendations on preventing OpenClaw ("Lobster") open-source agent security risks

People’s Financial News, March 11 — Regarding the security risks in typical “Lobster” application scenarios, the Cybersecurity Threat and Vulnerability Information Sharing Platform (NVDB) organized providers of intelligent agents, vulnerability collection platform operators, cybersecurity companies, and others to propose the “Six Do’s and Six Don’ts” recommendations.

1. Security Risks in Typical Application Scenarios

(1) Intelligent Office Scenario Main risks include supply chain attacks and internal network infiltration.

• Scenario Description: Deploying “Lobster” within enterprises to connect with existing management systems, enabling intelligent data analysis, document processing, administrative management, financial assistance, and knowledge management.
• Security Risks: Introduction of abnormal plugins, “skill packs,” etc., leading to supply chain attacks; lateral movement of cybersecurity threats within the internal network, causing sensitive information leaks or loss from connected systems, platforms, databases, etc.; lack of audit and traceability mechanisms increasing compliance risks.
• Response Strategies: Deploy on isolated network segments, separate from critical production environments; prohibit use of unapproved “Lobster” agents on internal networks; conduct thorough security testing before deployment; grant minimal permissions during deployment; prohibit cross-segment, cross-device, or cross-system access unless necessary; retain complete operation and runtime logs to meet audit and compliance requirements.

(2) Development and Operations Scenario Main risks include sensitive information leakage and hijacking of control over system devices.

• Scenario Description: Deploying “Lobster” by enterprises or individuals to convert natural language into executable commands, assisting with coding, code execution, device inspection, configuration backups, system monitoring, and process management.
• Security Risks: Unauthorized execution of system commands, device hijacking via network attacks; exposure of system account and port information, leading to external attacks or password brute-force; leakage of sensitive information such as network topology, account passwords, API interfaces.
• Response Strategies: Avoid deploying directly in production environments; prioritize virtual machines or sandbox environments; conduct security testing before deployment; grant minimal permissions, prohibit admin rights; establish a blacklist for high-risk commands; enable manual approval for critical operations.

(3) Personal Assistant Scenario Main risks include personal information theft and sensitive data leakage.

• Scenario Description: Using personal instant messaging apps or remote access to locally deployed “Lobster” to manage personal information, handle daily affairs, organize digital assets, and serve as a knowledge, entertainment, and lifestyle assistant.
• Security Risks: Excessive permissions allowing malicious reading, writing, or deleting files; network attacks when connected to the internet; prompt injection leading to execution of dangerous commands or takeover of the agent; plaintext storage of keys causing personal data leaks or theft.
• Response Strategies: Strengthen permission management, restrict access to necessary directories, block access to sensitive directories; prefer encrypted channels for access, restrict unnecessary internet access, prohibit high-risk commands or require secondary confirmation; store API keys, configuration files, and important personal information securely via encryption.

(4) Financial Trading Scenario Main risks include erroneous transactions and account hijacking.

• Scenario Description: Deploying “Lobster” in enterprises or individually to call financial application interfaces for automated trading and risk control, improving efficiency in quantitative trading, intelligent research, and asset management, including market data collection, strategy analysis, and trade execution.
• Security Risks: Memory poisoning causing incorrect trades; identity bypass leading to unauthorized account access; malicious plugins stealing trading credentials; lack of circuit breakers or emergency mechanisms causing uncontrolled agent behavior, such as frequent order placement.
• Response Strategies: Implement network isolation and least privilege principles; close unnecessary internet ports; establish manual review and circuit breaker emergency mechanisms; add secondary confirmation for critical operations; strengthen supply chain review, use official components, and regularly patch vulnerabilities; enforce full-chain audit and security monitoring to detect and respond to risks promptly.

2. Recommendations for Secure Use

(1) Use the latest official version. Download the latest stable version from official channels, enable automatic update notifications; back up data before upgrading; restart services after updates and verify patches are effective. Do not use third-party images or older versions.

(2) Strictly control internet exposure. Regularly check for internet exposure; if found, take immediate offline corrective actions. Do not expose “Lobster” agents directly to the internet; if internet access is necessary, use encrypted channels like SSH, restrict access sources, and use strong passwords, certificates, or hardware keys for authentication.

(3) Adhere to the principle of least privilege. Grant only the minimum permissions necessary for tasks; implement secondary confirmation or manual approval for critical operations like file deletion, data transmission, or system configuration changes. Prefer running in containers or virtual machines to isolate permissions; avoid using administrator accounts during deployment.

(4) Use skill marketplaces cautiously. Carefully review “Skill Packs” downloaded from ClawHub; review code before installation. Avoid skill packs requiring “ZIP downloads,” “shell script execution,” or “password input.”

(5) Prevent social engineering attacks and browser hijacking. Use browser sandboxes, web filters, and extensions to block suspicious scripts; enable audit logs; disconnect from the network and reset passwords immediately if suspicious activity is detected. Avoid visiting unknown websites, clicking on unfamiliar links, or opening untrusted documents.

(6) Establish long-term protective mechanisms. Regularly patch vulnerabilities; stay updated with official security advisories from OpenClaw and the Cybersecurity Threat and Vulnerability Information Sharing Platform; combine with cybersecurity tools and mainstream antivirus software for real-time protection; promptly address potential security risks. Do not disable detailed log auditing.