The Chinese Ministry of State Security today warned of security risks associated with the use of open-source artificial intelligence agent OpenClaw, which has recently become a phenomenon among Chinese developers and users.
In an article published on its official account on the social network WeChat, the organization described the functioning of the system, popularly known in the country as “xiaolongxia” (“lobster”, due to the system’s red icon in the shape of the crustacean).
The ministry pointed out that, to allow the system to “complete tasks”, users often grant it elevated permissions, which can make it easier for attackers to gain remote control of the device or access sensitive information stored on it, and can create cybersecurity risks if used without due precautions.
The agency also warned that these programs may handle sensitive personal or business data and that, if compromised, they could cause leaks or be used to “generate and disseminate false information” on social media.
The official digital security warning from the main Chinese intelligence agency assured that some add-ons or extensions may contain vulnerabilities or be used to introduce malicious code capable of bypassing security controls and accessing information stored on the computer.
The guide recommends that users limit the permissions granted to the system, check the origin of installed add-ons, keep activity logs and run the system in isolated environments – such as virtual machines or ‘sandboxes’ – to reduce possible risks.
This type of AI agent can directly perform tasks in a computer system, manage files, compose emails or browse the internet based on user instructions, which represents an evolution in relation to traditional conversational models.
OpenClaw, created by Austrian programmer Peter Steinberger, has spread rapidly in Chinese technology communities in recent weeks, where users share installation guides and tutorials to implement this type of agents capable of automatically executing tasks on personal computers or servers.
In parallel, Chinese cybersecurity organizations warned of the rapid growth of the system and its potential risks, indicating that there are more than 200,000 active instances of OpenClaw on the internet, of which around 23,000 are in China.
Regulators and state media bodies have also warned of the system’s possible risks, and some government agencies and state-owned companies have advised their employees not to install it on work devices.
Leave a Reply