National Industrial Information Security Development Research Center Issues Risk Warning Notice for OpenClaw Applications in Industrial Sector

Odaily News The National Industrial Information Security Development Research Center has issued a risk warning notice regarding the application of OpenClaw in the industrial sector. The notice points out that the open-source AI agent OpenClaw (formerly known as Clawdbot, Moltbot), which can directly control computers based on natural language instructions, is currently accelerating its deployment and application in various industrial stages such as R&D design, production manufacturing, operation, and maintenance management.

The notice analyzes three main categories of risks: First, the risk of unauthorized access to industrial hosts and loss of production control. OpenClaw's permission control mechanism has inherent flaws, potentially leading to unauthorized operations causing consequences like parameter disorder, production line interruptions, and equipment damage. Second, the risk of leakage of sensitive industrial information. Multiple functional plugins suitable for OpenClaw have been identified as malicious plugins; attackers could exploit them to steal core confidential information such as industrial blueprints and API keys. Third, the risk of attack surface expansion and amplification of attack effects. OpenClaw currently has over 80 security vulnerabilities. If its management interface is exposed to the public internet, attackers could gain platform control permissions at low cost and use it as an automated attack assistant for lateral movement.

The notice recommends that industrial enterprises, in principle, prohibit granting system-level permissions to OpenClaw. It should be deployed in an independent, isolated zone and strictly prohibited from direct connection to industrial control networks. Simultaneously, the latest stable version should be deployed from official channels and security patches should be installed promptly.