The National Industrial Information Security Development Research Center issued a risk warning notice regarding the application of OpenClaw in the industrial sector.

The National Industrial Information Security Development Research Center issued a risk warning notice regarding the application of OpenClaw in the industrial sector. The notice points out that the open-source AI agent OpenClaw (formerly known as Clawdbot and Moltbot) can directly control computers based on natural language commands and is currently being rapidly deployed in R&D, manufacturing, and operation and maintenance management within the industrial sector. The notice analyzes three main risks: First, the risk of unauthorized access and production loss of control in industrial hosts. OpenClaw's permission control mechanism has inherent flaws, potentially leading to unauthorized operations, resulting in parameter corruption, production line interruptions, and equipment damage. Second, the risk of leakage of sensitive industrial information. Several functional plugins applicable to OpenClaw have been identified as malicious, allowing attackers to steal core confidential information such as industrial drawings and API keys. Third, the risk of attack surface expansion and amplified attack effects. OpenClaw currently has over 80 security vulnerabilities. If the management interface is exposed to the public internet, attackers can gain control of the platform at low cost and use it as an automated attack tool for lateral movement. The notice recommends that industrial enterprises, in principle, refrain from granting system-level permissions to OpenClaw, deploy it in an independent isolated area and strictly prohibit direct connection with industrial control networks, and deploy the latest stable version from official channels and install security patches in a timely manner.