Forward Reminder! AI Cultivating "Lobsters" - Beware of Safety Risks

Recently, the Cybersecurity Threat and Vulnerability Information Sharing Platform of the Ministry of Industry and Information Technology detected that some instances of OpenClaw (commonly known as “Lobster”) open-source AI agents pose significant security risks when configured with default or improper settings. These vulnerabilities can easily lead to cyberattacks, information leaks, and other security issues.

OpenClaw (formerly known as Clawdbot, Moltbot) is an open-source AI agent that integrates multi-channel communication capabilities with large language models to create customized AI assistants with persistent memory and proactive execution abilities. It can be deployed locally in a private environment. Because OpenClaw’s deployment involves “blurred trust boundaries” and it has features such as continuous operation, autonomous decision-making, and the ability to call system and external resources, it may, in the absence of effective permission controls, auditing mechanisms, and security hardening, be exploited through command injection, configuration flaws, or malicious takeover. This can result in privilege escalation, information leaks, system control, and other security risks.

It is recommended that relevant organizations and users thoroughly check exposure to public networks, permission configurations, and credential management when deploying and using OpenClaw. They should disable unnecessary public access, improve security mechanisms such as identity authentication, access control, data encryption, and security auditing, and continuously monitor official security notices and hardening suggestions to prevent potential cybersecurity threats.

(Source: CCTV News)