- OpenClaw’s deep system access creates major security concerns for enterprise environments
- Chinese authorities warn that autonomous AI agents can unexpectedly expose corporate systems
- Prompt injection attacks threaten AI assistants operating directly inside workplace networks
Chinese cybersecurity authorities have issued fresh warnings about the workplace use of OpenClaw.
The authorities cite growing concerns that its rapid adoption may expose organizations to data and operational risks.
The alerts come as businesses and local governments across the country continue experimenting with the autonomous software agent.
OpenClaw is as risky as it is convenient
The notice was issued by the National Computer Network Emergency Response Technical Team/Coordination Center of China, which said improper installation and configuration of the tool could create security vulnerabilities.
OpenClaw’s ability to operate autonomously requires high-level system permissions, a design feature that increases the potential impact of misuse or exploitation.
Officials warned such careless deployment inside office environments could allow attackers to gain access to sensitive systems.
This is even more risky when organizations fail to configure endpoint protection tools correctly or overlook existing firewall safeguards.
The agency advised early adopters to review system permissions carefully, disable unnecessary public access, and apply stricter administrative controls.
OpenClaw, formerly known as Clawdbot and Moltbot, is an AI assistant that executes tasks on behalf of users.
It is deeply integrated with the operating system and can manage digital tasks such as drafting reports, organizing emails, and preparing presentations.
This creates risk because malicious instructions may pass unnoticed during routine operations, and Microsoft has warned about running it on enterprise workstations.
The tool may be vulnerable to so-called prompt injection attacks, in which hidden instructions embedded in web content manipulate the agent into performing unintended actions.
Authorities said such attacks could trick the software into revealing system keys or executing commands that compromise internal networks.
Due to its popularity, many fake variants of OpenClaw on GitHub are designed to deliver malware to users.
Another concern raised in official notices relates to operational errors caused by misinterpreted commands.
Security agencies warned that the AI agent could mistakenly delete important emails or files if it misunderstands instructions.
Earlier guidance from the National Vulnerability Database of China similarly cautioned that improper handling of the software could create high-level security risks.
The organization recommended stronger monitoring systems and reliable malware removal procedures when deploying the AI tool in business networks.
Despite repeated warnings, enthusiasm surrounding OpenClaw remains strong among major technology firms and regional authorities.
Cloud platforms such as Alibaba Cloud and large internet companies, including Tencent and ByteDance, have expanded access to the technology.
Tencent recently introduced new services integrating OpenClaw capabilities into widely used communication platforms, including WeChat and QQ.
At the same time, several local governments have introduced subsidies or public initiatives encouraging businesses and residents to experiment with the software.
Authorities now appear to balance these initiatives with stricter warnings about enterprise deployment.
Via SCMP
