China’s Cyber Centre Warns of OpenClaw Risks Amidst National Surge

China's cyber centre warns of OpenClaw risks amid national surge.

Amidst the rapid rise in popularity of the OpenClaw service, China’s National Computer Network Emergency Response Technical Team (CNCERT/CC) issued a warning about associated threats.

The agency stated that the software for deploying AI agents has extremely weak security settings by default.

“If a malicious actor finds an entry point, they can easily gain control over the system,” the statement said.

CNCERT/CC highlighted several major issues:

• prompt injections: hackers can embed hidden instructions on web pages. When read, the AI agent risks exposing the user’s system keys;
• likelihood of erroneous actions — due to misinterpretation of commands and user intentions, OpenClaw might delete important data, communications, or production databases;
• risk of infection through plugins — after installation, third-party extensions can steal keys, install trojans, and backdoors;
• presence of vulnerabilities — several medium and high-severity flaws have already been identified in OpenClaw. Their exploitation could lead to system takeover and large-scale information leaks.

Agency representatives emphasized that ordinary users might face theft of personal information, payment accounts, or API keys. For critical sectors like finance and energy, the consequences could be far more severe.

Security Recommendations

CNCERT/CC experts provided recommendations for organizations and ordinary users on installing OpenClaw:

• strengthening network control: management ports should not be directly accessible from the internet. Authentication, access control, and strict isolation of the execution environment are necessary;
• improving credential management: do not store keys in plain text and implement an audit system for actions and logs;
• strict plugin control — disable automatic updates and install extensions only from trusted sources;
• monitoring security updates.

Chinese Hype

The country is witnessing unprecedented interest in OpenClaw — citizens queue up for help in installing the software. Chinese IT companies are competing to provide services based on the solution, and educational events are being held across China to promote the adoption of the technology.

Afra Wang, a journalist covering the local AI sector, attended one such event and confirmed the enormous interest in the software: organizers even had to limit the number of participants due to a lack of space.

Major corporations are quickly responding to the trend. Alibaba released a system for configuring AI agents called CoPaw, which works with messengers and third-party models. On March 13, the company introduced the JVS Claw app for iOS and Android — it allows users without programming skills to install OpenClaw on their smartphones. Baidu released a similar service for Android.

Bloomberg added that the wave of enthusiasm has swept across various segments of the population — from students to retirees. The hype has generated a stream of compatible products, potentially positioning the country at the forefront of agentic AI.

Local authorities are also financially supporting the new direction. In the Longgang district (Shenzhen), developers and businesses are offered substantial subsidies for implementing AI agents. Companies can receive up to 2 million yuan ($300,000) for developing new “skills” for the agent, vouchers covering 40% of the cost of implementing a “digital employee,” a 30% discount on equipment, and up to 10 million yuan ($1.5 million) in investments.

Startups are offered two months of free housing rent, an 18-month office discount, and three months of free computing power.

The popularity of OpenClaw has led to a rally in the Chinese stock market — since the beginning of March, the total capitalization of relevant Chinese companies has increased by more than $100 billion, Bloomberg noted.

Restrictions for the Public Sector

Amidst the sharp rise in OpenClaw’s popularity and the notice of its potential risks, Chinese authorities began restricting the use of applications based on the software on work computers in state-owned companies and institutions.

Bloomberg found that government bodies and enterprises have been instructed not to install OpenClaw on work devices for security reasons.

The ban also extends to military families.

Back in February, OpenClaw deleted a Meta researcher’s email, despite commands not to do so.