On March 10, 2026, the National Internet Emergency Center issued a risk alert on the security implications of using the OpenClaw application. Downloads and use of OpenClaw have recently risen notably, and prominent domestic cloud platforms offer one-click deployment services for it. The application operates computers through natural language commands and is granted extensive system privileges to enable 'autonomous task execution.' Its default security settings are lax, however, so if the application is compromised, attackers could swiftly assume complete control over the system.
Several security concerns have already surfaced: prompt injection attacks, unintended deletion of critical data, injection of malicious function plugins, and inherent security flaws. To mitigate these risks, the National Internet Emergency Center advises relevant institutions and individual users to adopt robust security practices: reinforce network access controls, tighten credential management, rigorously vet plugin sources, and stay alert for software patches and security updates.
