China's Cybersecurity Center Flags Critical OpenClaw Risks Amid Unprecedented National Craze

CNCERT/CC Raises Alarm Over OpenClaw Security

China's National Computer Network Emergency Response Technical Team (CNCERT/CC) has issued a formal warning about security threats posed by OpenClaw, the popular AI agent platform. According to the agency, the software ships with extremely weak default security settings, making it easy for attackers to seize control of systems once they find an entry point.

CNCERT/CC outlined several core vulnerabilities:

• Prompt injection attacks — hackers can embed hidden instructions on web pages that, when read by an AI agent, may cause it to expose users' system keys;
• Erroneous actions — misinterpreting user commands, OpenClaw may delete critical data, communications, or production databases;
• Plugin contamination — third-party extensions can steal keys, install trojans, and create backdoors after installation;
• Known vulnerabilities — several medium- and high-severity flaws have already been discovered in OpenClaw, potentially enabling full system compromise and large-scale data breaches.

The agency emphasized that everyday users risk losing personal information, payment accounts, or API keys. For critical sectors like finance and energy, the consequences could be far more severe.

Why This Matters

OpenClaw has triggered an unprecedented adoption frenzy across China. Citizens are lining up for help installing the software, IT companies are competing to build services on top of it, and educational events are being held nationwide. According to Bloomberg, the total market capitalization of related Chinese companies has surged by more than $100 billion since the beginning of March. The CNCERT/CC warning signals that the rapid pace of deployment is far outstripping security preparedness.

Security Recommendations from CNCERT/CC

The agency published specific guidelines for both organizations and individual users deploying OpenClaw:

• Network controls — management ports must not be directly exposed to the internet; authentication, access controls, and strict execution environment isolation are mandatory;
• Credential management — keys should never be stored in plaintext; action audit systems and logging must be implemented;
• Plugin governance — automatic updates should be disabled, and extensions should only be installed from trusted sources;
• Patch monitoring — users should actively track security updates.

Tech Giants Rush to Capitalize on the Trend

Major Chinese corporations have moved quickly to ride the wave. Alibaba released CoPaw, an AI agent configuration system that works with messaging apps and third-party models. On March 13, the company launched JVS Claw for iOS and Android, enabling users with no programming skills to install OpenClaw on their smartphones. Baidu released a similar Android service.

Journalist Afra Wang, who covers China's AI sector, attended one of the educational events and witnessed enormous demand firsthand — organizers had to cap attendance due to insufficient space.

Bloomberg reported that the enthusiasm has swept across all demographics, from university students to retirees. The flood of compatible products could position China at the forefront of the agentic AI space.

Subsidies and Restrictions: China's Dual Approach

Local authorities are backing the technology with substantial financial incentives. In Shenzhen's Longgang district, developers and businesses are offered generous subsidies: up to 2 million yuan ($300,000) for developing new agent "skills," vouchers covering 40% of "digital employee" implementation costs, a 30% discount on equipment, and up to 10 million yuan ($1.5 million) in investments. Startups receive two months of free housing, an 18-month office discount, and three months of free computing resources.

At the same time, authorities have imposed restrictions on the public sector. Bloomberg reported that government agencies and state-owned enterprises received orders not to install OpenClaw on work devices. The ban extends to families of military personnel.

The warning comes after an incident in February when OpenClaw deleted a Meta researcher's email despite explicit commands not to do so.