(Yicai) March 11 -- China’s computer network emergency response agency issued a risk alert yesterday about the safe use of the artificial intelligence agent OpenClaw, which has become highly popular since its release last year. The watchdog pointed out that the software can take control of a computer to perform tasks based on user instructions, but its weak default security settings mean that once attackers gain access, they can easily take full control of the system.

Improper installation and use of the OpenClaw agent have already caused some serious security risks, the National Computer Network Emergency Response Technical Team/Coordination Center of China said. For example, hackers can embed hidden instructions in web pages and trick OpenClaw into reading those pages, which may lead to the user's system keys being leaked. Because OpenClaw may misunderstand a user’s commands and intentions, it could also inadvertently delete important information in emails. Furthermore, several plugins designed for OpenClaw have been identified as malicious or as posing potential security risks. Once installed, they can perform harmful actions, including stealing passwords.

Unlike traditional chat-style AI assistants that just answer questions, agents like OpenClaw can, once authorized, automatically carry out tasks such as reading files, opening browsers and running programs. Many users regard them as digital assistants that can "do the work for you."

Recently, downloads and usage of OpenClaw, which was developed by Austrian programmer Peter Steinberger, have surged. Major Chinese cloud platforms such as Tencent Holdings, Moonshot AI and Minimax all offer one-click deployment services to help users install and configure the AI tool on their devices.

Local governments in cities such as Hefei, Shenzhen, Wuxi and Changshu, have successively released policy documents introducing special support measures for the open-source AI agent. Among them, Hefei Hi-Tech Industry Development Zone is providing up to CNY10 million (USD1.4 million) in computing-power vouchers for OpenClaw projects, while Shenzhen’s Longgang district is offering subsidies of up to CNY4 million (USD582,688) for demonstration-scenario projects.

In the financial sector, internal bank networks strictly restrict access to AI agent tools such as OpenClaw, a number of banking professionals told Yicai.

However, some brokerages have begun to experiment with its use. Industry insiders revealed that a number of quantitative trading and financial-engineering teams are exploring the use of OpenClaw for tasks such as organizing data, generating reports and automating strategy research in order to improve research and investment efficiency.

As more users start using and paying attention to OpenClaw, though, the risks surrounding the AI agent are becoming more apparent. Recently, a developer shared on social media that his friend had exposed the browser to the public internet through a virtual network computing remote desktop while using OpenClaw to write code. A few days later, his friend’s credit card was repeatedly hit with fraudulent transactions, almost maxing out the card.

Editor: Kim Taylor