On March 17, China's Ministry of State Security issued a usage warning regarding OpenClaw (nicknamed "Lobster"), an open-source AI agent tool that has recently gained popularity. The warning stated that while such high-privilege AI agents can improve efficiency, they may also pose security risks such as host control, data leakage, and information misuse. Users are advised to use them rationally and strengthen security protection.
The description states that "Lobster" integrates communication software with a large language model and high-privilege system access capabilities, enabling it to directly execute user commands to complete tasks, thus transforming from "providing suggestions" to "automatic execution." Furthermore, its plugin system supports various functions such as file management, email composition, scheduling, and web browsing, and possesses long-term memory and proactive task triggering capabilities, leading some users to refer to it as "raising lobsters."
Security agencies warn that improper configuration of intelligent agents can pose several risks, including: running with high privileges leading to remote takeover of devices, the theft of sensitive data, the exploitation of social media accounts to spread false information, and attacks on systems through malicious plugins.
To mitigate risks, users are advised to run intelligent agents according to the principle of least privilege, encrypt sensitive data, and deploy them in isolated environments such as virtual machines or sandboxes. At the same time, users should regularly check the source of plugins, access permissions, and system logs to avoid exposing core devices directly to the public network environment.
