






























A unit of China’s Ministry of Industry and Information Technology (MIIT) has issued guidelines on best practices and prohibitions for adopting and using OpenClaw, the popular artificial intelligence agent that continues to dominate the market.
The advisory, developed in collaboration with AI agent providers, vulnerability platform operators and cybersecurity firms, aims to address risks in typical use cases of “lobster”, OpenClaw’s mascot, according to a Wednesday statement from the MIIT-run National Vulnerability DataBase (NVDB).
The guidelines recommend six practices: use the official latest version, minimise internet exposure, grant only the minimum permissions necessary, exercise caution when using the skill market filled with third-party offerings, guard against browser hijacking, and regularly check for patch vulnerabilities.
By contrast, users are warned against using outdated or third-party mirror versions of OpenClaw, exposing AI agent instances to the internet, enabling administrator accounts during deployment, installing skill packs that require entering passwords, browsing unverified websites, and disabling detailed log auditing functions.
The NVDB also provided instructions on restricting internet access, scanning files and uninstalling the software.

It highlighted scenarios where risks may arise, such as connecting instant messaging apps to OpenClaw, which could grant “excessive permissions that enable malicious reading, writing or deletion of any files”.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。