To help users safely operate the open-source AI agent OpenClaw, the National Computer Network Emergency Response Coordination Center of China and the Cyberspace Security Association of China jointly released guidelines on Sunday providing security recommendations for individual users, enterprises, cloud service providers and developers.

The AI-driven automation platform — nicknamed "lobster" — is known for its ability to handle complex tasks and support a wide range of plugins. Since its release, it has triggered a global deployment surge. However, many installations are directly exposed to the public internet, making them attractive targets for cyberattacks, the National Network and Information Security Information Center under the Ministry of Public Security warned on March 13.

According to the guidelines, individual users are advised to install OpenClaw only on dedicated devices, virtual machines or containers with proper isolation. They are also urged to avoid installing it on everyday work computers or running it with administrator or superuser privileges. In addition, users should not store or process sensitive personal data within the OpenClaw environment.

The guidelines also call on cloud service providers to conduct security assessments, strengthen baseline protections for cloud hosts, integrate security safeguards, and ensure supply chain and data protection.

A cybersecurity alert issued by the center said OpenClaw faces risks in its architectural design, default settings, vulnerability management, plugin ecosystem and behavioral control mechanisms.

It noted that default configurations leave many systems exposed online, allowing access from any external IP address. Remote access does not require authentication, and sensitive data such as API keys and chat records may be stored in plaintext.

The alert also warned that OpenClaw agents may experience failures in permission controls during task execution. As a result, they could carry out unauthorized actions, ignore user instructions, or perform harmful operations such as deleting data, stealing information or taking control of user devices.