TechFlow News: On March 11, the Cybersecurity Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology (MIIT) issued a notice on the security risks in typical application scenarios of OpenClaw (“Lobster”), an open-source agent. In collaboration with agent providers, cybersecurity firms, and other organizations, MIIT officially released the “Six Must-Dos and Six Must-Nots” security usage guidelines.
The notice highlights prominent security risks posed by OpenClaw across four key application scenarios—intelligent office operations, development and operations (DevOps), personal assistance, and financial transactions—including supply-chain attacks, sensitive information leakage, personal data theft, and erroneous transactions. To mitigate these risks, users are advised to: use the latest official version; strictly limit internet exposure; adhere to the principle of least privilege; exercise caution when using skill marketplaces; guard against social engineering attacks; and establish long-term protective mechanisms. At the same time, users must avoid high-risk practices such as using third-party image versions, exposing agent instances to the public internet, granting administrative privileges, and disabling log auditing functions.




