National Internet Emergency Response Center issues a security risk warning for OpenClaw.

Date: 10/03/2026
The OpenClaw application has recently seen widespread download and use, and mainstream cloud platforms in China offer one-click deployment services for it. This intelligent software lets users control computers directly through natural-language commands to complete various operations. To achieve the ability to "autonomously execute tasks," the application is granted high system permissions, including accessing the local file system, reading environment variables, calling external service application programming interfaces (APIs), and installing extensions. However, because its default security configuration is weak, an attacker who finds a weakness can easily gain full control of the system.

Relevant organizations and individual users are advised to strengthen network controls when deploying and using OpenClaw: do not expose OpenClaw's default management ports directly to the public network, and secure access to the service through measures such as identity authentication and access control. Strictly isolate the operating environment, and use technologies such as containers to limit OpenClaw's high permissions.