"Raising Lobsters" Goes Viral: National Internet Emergency Center and China Academy of Information and Communications Technology Experts Warn of Risks

Official Risk Warning

On March 10th, the National Internet Emergency Center issued a security risk alert regarding OpenClaw. Improper installation and use of the OpenClaw intelligent agent had previously given rise to several serious security risks, including “prompt injection” risks, “misoperation” risks, plugin (skills) poisoning risks, and security vulnerabilities.

The National Internet Emergency Center recommends that relevant organizations and individual users take the following security measures when deploying and using OpenClaw:

  1. Strengthen network control: do not expose OpenClaw’s default management port directly to the public internet. Use authentication, access control, and other security measures to manage access to the service securely. Strictly isolate the operating environment, and use containerization or similar technologies to limit OpenClaw’s permissions.

  2. Enhance credential management: avoid storing keys in plaintext within environment variables, and establish a comprehensive operation log auditing mechanism.

  3. Strictly manage plugin sources: disable automatic update features, and only install signed extensions from trusted sources.

  4. Continuously monitor patches and security updates, and promptly update versions and install security patches.

On the same day, People’s Daily published an article stating that the Ministry of Industry and Information Technology’s Cybersecurity Threat and Vulnerability Information Sharing Platform had also issued related security risk alerts. In response, Wei Liang, Deputy Director of the China Academy of Information and Communications Technology, stated that the “Lobster” intelligent agent updates very quickly. Updating to the latest official version can indeed fix known security vulnerabilities, but it does not completely eliminate security risks. As a locally operated AI agent, “Lobster” has features such as autonomous decision-making and system resource invocation. Coupled with fuzzy trust boundaries and a skill package market that currently lacks strict review, this creates many potential risks. For example, when calling large language models, it may misunderstand user instructions, leading to harmful actions like deletions. Using skill packages embedded with malicious code could result in data leaks or the system being taken over. Because of configuration issues such as exposing instances to the internet, running with administrator privileges, and storing keys in plaintext, an instance upgraded to the latest version still faces attack risks if no targeted preventive measures are taken. Cybersecurity is dynamic, and hacker techniques are constantly evolving. Relying solely on “patching” and “upgrading” as security guarantees is insufficient.

Wei Liang urges party and government agencies, enterprises, institutions, and individual users to exercise caution when using “Lobster” and similar intelligent agents. When security vulnerabilities or threats and attacks against “Lobster” are discovered, they should be reported immediately to the Ministry of Industry and Information Technology’s Cybersecurity Threat and Vulnerability Information Sharing Platform. According to the “Regulations on the Management of Network Product Security Vulnerabilities,” the platform will organize timely responses to effectively safeguard cybersecurity and protect the rights and interests of users.
