China’s National Computer Network Emergency Response Technical Team/Coordination Center – or CNCERT – issued a serious warning on March 10 about the popular AI agent OpenClaw, commonly referred to as “Little Lobster.” This open-source software allows users to control computers via natural-language commands and has surged in popularity, with major cloud platforms offering one-click deployment. But its high system privileges, access to local files, environment variables, external APIs – which let the software connect with external services – and plugin installations leave it perilously vulnerable.
CNCERT highlighted four critical risks. Prompt injection attacks can trick OpenClaw into reading malicious web content, leaking user system keys. Misinterpreted instructions risk accidentally deleting emails or core production data. Malicious “skills” plugins, already identified in circulation, enable key theft and backdoor deployment, turning devices into botnets, or networks of malware-infected devices controlled by a hacker. Multiple high- and medium-severity vulnerabilities – publicly disclosed – could grant attackers full system control, exposing personal photos, documents, payment accounts, and API keys; or in finance and energy sectors, crippling business operations and leaking trade secrets.
The alert coincides with OpenClaw’s explosive growth, underscoring tensions in China’s rush to deploy autonomous AI agents. These tools promise efficiency but blur lines between helpful automation and unchecked control. For individuals, the stakes are privacy; for critical infrastructure, they are existential.
Experts urge immediate safeguards: sandboxed permissions, rigorous plugin vetting, and user education. As AI evolves from advisor to actor, this episode signals a broader challenge: balancing innovation with ironclad security in an era of agentic systems.
Beijing’s prompt intervention reflects growing regulatory scrutiny of AI risks, following crackdowns on deepfakes and data flows. Yet with OpenClaw’s global footprint, the warning reverberates beyond China, pressing developers worldwide to prioritize safety before autonomy runs amok.
Francis Fong is a Hong Kong IT and Telecom expert who frequently represents the industry in public discussions about innovation, digital transformation, and technology policies
