【AI+OpenClaw】Official Reiterates "Lobster" Security Risks; MIIT Issues "Six Musts and Six Don'ts" Recommendations


OpenClaw (“Lobster”) has become popular on the mainland, sparking a “raising lobsters” trend, while official attitudes remain cautious. Recently, in response to the security risks in typical “lobster” application scenarios, the National Cybersecurity Threats and Vulnerabilities Information Sharing Platform (NVDB) issued the “Six Do’s and Six Don’ts” recommendations for preventing security risks of OpenClaw open-source intelligent agents.

The Ministry of Industry and Information Technology (MIIT) identified security risks in four typical application scenarios: supply chain attacks and internal network infiltration in smart office scenarios; leaks of sensitive system and device information and hijacking in development and operations scenarios; theft of personal information and leaks of sensitive data in personal assistant scenarios; and erroneous trades or account takeovers in financial transaction scenarios.

The Ministry recommends using the latest official version, strictly controlling internet exposure, adhering to the principle of least privilege, cautiously using skill markets, preventing social engineering attacks and browser hijacking, and establishing long-term protection mechanisms.

Recent overseas reports state that state-owned enterprises and government agencies have been asked to restrict the use of OpenClaw within office network environments. Several mainland brokerages have also issued emergency notices strictly controlling the internal installation and use of “Little Lobster” products.

Six Do’s and Six Don’ts for Preventing Security Risks of OpenClaw (Lobster) Open-Source Intelligent Agents

1. Typical Application Scenario Security Risks

(a) Smart Office Scenario: Prominent supply chain attacks and internal network infiltration risks

  1. Scenario Description: Deploying “lobster” within enterprises, connecting to existing management systems to enable intelligent data analysis, document processing, administrative management, financial assistance, and knowledge management.

  2. Security Risks: Introduction of malicious plugins or “skill packs” leading to supply chain attacks; lateral movement across the network causing leaks or loss of sensitive information in connected systems and databases; lack of audit and traceability mechanisms increasing compliance risks.

  3. Response Strategies: Deploy on isolated network segments, separate from critical production environments; prohibit use of unapproved “lobster” terminals internally; conduct thorough security testing before deployment; grant minimal permissions during deployment; prevent cross-segment, cross-device, cross-system access; retain complete operation and activity logs to meet audit and compliance requirements.

(b) Development and Operations Scenario: Prominent risks of sensitive information leaks and hijacking

  1. Scenario Description: Deploying “lobster” within enterprises or personally, converting natural language into executable commands to assist with coding, system monitoring, device inspection, configuration backups, process management, etc.

  2. Security Risks: Unauthorized execution of system commands and device hijacking via network attacks; exposure of system accounts and ports leading to external attacks or password brute-forcing; leaks of network topology, account credentials, and API interfaces.

  3. Response Strategies: Avoid deploying in production environments; prioritize virtual machines or sandbox environments; conduct security testing prior to deployment; grant only necessary permissions, avoid admin rights; establish blacklists for high-risk commands; implement manual approval for critical operations.

(c) Personal Assistant Scenario: Prominent risks of personal data theft and sensitive information leaks

  1. Scenario Description: Accessing locally deployed “lobster” via personal messaging apps for personal info management, daily tasks, digital asset organization, as well as learning and entertainment.

  2. Security Risks: Excessive permissions enabling malicious reading, writing, or deleting files; network attacks when connected online; prompt injection leading to execution of dangerous commands or takeover; plaintext storage of keys leading to leaks or theft.

  3. Response Strategies: Strengthen permission management, restrict access to necessary directories, block access to sensitive folders; prefer encrypted channels, restrict internet access, avoid high-risk commands or require secondary confirmation; store API keys, configs, and personal data encrypted.

(d) Financial Transaction Scenario: Prominent risks of errors or account hijacking

  1. Scenario Description: Deploying “lobster” within enterprises or personally and calling financial APIs for automated trading, risk control, quantitative trading enhancement, research, and asset management, including market data collection, strategy analysis, and trade execution.

  2. Security Risks: Memory poisoning causing erroneous trades; identity bypass leading to unauthorized account access; malicious plugins stealing credentials; lack of circuit breakers or emergency mechanisms causing uncontrolled trading.

  3. Response Strategies: Implement network isolation and least privilege; disable unnecessary internet ports; establish manual review and emergency circuit breakers; add secondary confirmation for critical operations; strengthen supply chain review, use official components, regularly patch vulnerabilities; perform full-chain audit and security monitoring to detect and respond to risks promptly.

2. Security Usage Recommendations

(a) Use the latest official version. Download from official channels, enable auto-update notifications; back up data before upgrading; restart services and verify patches after updates. Do not use third-party or outdated versions.

(b) Strictly control internet exposure. Regularly check for internet exposure; if found, take offline and rectify immediately. Do not expose “lobster” instances directly to the internet; if necessary, use encrypted channels like SSH, restrict source IPs, and use strong passwords, certificates, or hardware keys for authentication.
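One concrete form of the “regularly check for internet exposure” step, as an added example that is not part of the advisory or of OpenClaw itself: it parses `ss -ltn` style output and classifies every listening socket by who can reach it. The sample rows and port 8080 are constructed placeholders.

```python
"""Flag agent listeners reachable from beyond the host (an "internet
exposure" check). Added example, not OpenClaw code: it parses `ss -ltn`
style output; the sample rows and port 8080 are constructed placeholders."""
import ipaddress

AGENT_PORTS = {8080}  # placeholder: the port(s) the agent instance listens on

SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:8080      0.0.0.0:*
LISTEN 0      128    0.0.0.0:8080        0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      4096   [::1]:5432          [::]:*
LISTEN 0      128    192.168.1.20:3000   0.0.0.0:*
"""


def _split_endpoint(endpoint):
    """'0.0.0.0:22' -> ('0.0.0.0', '22'); '[::1]:8080' -> ('::1', '8080')."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def bind_scope(host):
    """Classify who can reach a socket bound to this address."""
    if host in ("*", ""):  # ss prints '*' for wildcard binds
        return "all interfaces"
    addr = ipaddress.ip_address(host.split("%", 1)[0])  # drop IPv6 scope id
    if addr.is_loopback:
        return "local only"
    if addr.is_unspecified:
        return "all interfaces"
    if addr.is_private or addr.is_link_local:
        return "LAN"
    return "internet"


def exposed_listeners(ss_output, watch_ports=AGENT_PORTS):
    """Return [(port, host, scope)] for every non-loopback LISTEN socket,
    with watched (agent) ports sorted first so they get reviewed first."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":  # skips header and blanks
            continue
        host, port = _split_endpoint(cols[3])
        scope = bind_scope(host)
        if scope != "local only":
            findings.append((int(port), host, scope))
    return sorted(findings, key=lambda f: (f[0] not in watch_ports, f[0]))
```

Feed it the real output of `ss -ltn` on the host; any agent port that comes back with scope “all interfaces”, “LAN” or “internet” is the case the recommendation says to take offline and rebind to loopback behind SSH.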

(c) Follow the principle of least privilege. Grant only necessary permissions for tasks; implement secondary confirmation or manual approval for critical actions like file deletion, data transmission, or system configuration changes. Prefer running in containers or VMs to isolate permissions; do not deploy with admin accounts.
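An added example, not code from OpenClaw or from the advisory, of the command gate implied by the “blacklist high-risk commands” and “manual approval for critical operations” strategies in scenario (b) of section 1 and by the secondary-confirmation rule here: each stage of a command line proposed by the agent is classified as blocked, needing approval, or allowed. The command lists are illustrative placeholders, not a complete policy.

```python
"""Policy gate for shell commands proposed by a natural-language agent.
Added example, not OpenClaw code; the command lists are placeholders."""
import os
import shlex

BLOCKED = {"mkfs", "dd", "fdisk", "shutdown", "reboot", "nc"}  # never run
SHELLS = {"sh", "bash", "zsh", "dash"}                         # nested shells
PRIV = {"sudo", "doas"}                                        # admin rights
WRAPPERS = PRIV | {"env", "nohup", "xargs"}                    # look through
NEEDS_APPROVAL = {                                             # critical ops
    "rm": "file deletion", "shred": "file deletion",
    "curl": "data transmission", "scp": "data transmission",
    "chmod": "configuration change", "systemctl": "configuration change",
}

def _segments(command):
    """Tokenise, then split on | ; & && || so every pipeline stage is seen."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    segs, cur = [], []
    for tok in list(lex) + [";"]:
        if tok not in ("|", "||", "&&", ";", "&"):
            cur.append(tok)
        elif cur:
            segs.append(cur)
            cur = []
    return segs

def evaluate(command):
    """Return ("block" | "approve" | "allow", [reasons]) for one command."""
    reasons = []
    for seg in _segments(command):
        while len(seg) > 1 and os.path.basename(seg[0]) in WRAPPERS:
            if os.path.basename(seg[0]) in PRIV:
                reasons.append(f"{seg[0]}: elevated privileges requested")
            seg = seg[1:]
        prog = os.path.basename(seg[0])
        if prog in SHELLS and "-c" in seg and seg.index("-c") + 1 < len(seg):
            verdict, inner = evaluate(seg[seg.index("-c") + 1])  # nested shell
            if verdict == "block":
                return verdict, inner
            reasons += inner
        elif prog in SHELLS:  # e.g. 'curl ... | sh': runs an unreviewed stream
            return "block", [f"{prog}: executes a piped or scripted stream"]
        elif prog in BLOCKED:
            return "block", [f"{prog}: on the high-risk command blacklist"]
        elif prog in NEEDS_APPROVAL:
            reasons.append(f"{prog}: {NEEDS_APPROVAL[prog]}")
    return ("approve" if reasons else "allow"), reasons
```

A verdict of “approve” is where the human confirmation step sits: the agent surfaces the reasons to the operator instead of executing, and “block” is never offered for confirmation at all.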

(d) Use skill markets cautiously. Carefully review “skill packs” from ClawHub before installation; avoid those requiring ZIP downloads, shell script execution, or password input.

(e) Prevent social engineering and browser hijacking. Use browser sandboxes, web filters, and extensions to block suspicious scripts; enable logging and audit; disconnect and reset passwords immediately if suspicious activity is detected; avoid visiting unknown sites, clicking on unfamiliar links, or opening untrusted documents.

(f) Establish long-term protection mechanisms. Regularly patch vulnerabilities; stay updated with OpenClaw official security alerts and risk warnings from the cybersecurity threat and vulnerability platform of the Ministry of Industry and Information Technology; use security tools and mainstream antivirus software for real-time protection; do not disable detailed logging and auditing features.
