Beijing, Feb 5, 2026, 21:25 (GMT+8)
- China’s industry ministry warned that poorly secured OpenClaw deployments could leave users vulnerable to hacks and data leaks
- The notice doesn’t impose a ban but calls for audits, tighter access controls, and identity verification
- The alert arrives amid a rush by Chinese cloud companies and developers to host and integrate the agent into workplace tools
China’s Ministry of Industry and Information Technology issued a warning Thursday about the fast-growing OpenClaw open-source AI agent, highlighting serious security risks if it’s misconfigured. Poor setups could expose users to cyberattacks and data breaches. The ministry stopped short of banning OpenClaw but urged organizations to review their public network exposure and strengthen identity authentication and access controls. Since its November launch, OpenClaw’s popularity has surged, prompting Chinese cloud giants like Alibaba’s Alicloud, Tencent Cloud, and Baidu to offer remote hosting services instead of running it locally. 1
This warning stands out as a rare, clear sign that Chinese regulators are zeroing in on high-privilege “agent” software as it shifts from demos into everyday applications. OpenClaw’s selling point is its ability to act on users’ behalf — but that also opens the door for errors, poor configurations, or harmful add-ons to cause actual security breaches.
An AI agent is software built to perform tasks, not merely respond to queries. Simply put, it can read files, navigate websites, execute commands, and log into accounts—provided the user allows it. This capability is its key strength. But it also introduces significant risk.
Chinese tech giants are racing to simplify OpenClaw deployment. Tencent, Alibaba, and ByteDance’s Volcano Engine have started embedding it into their cloud and workplace platforms, connecting it with apps like DingTalk and WeCom, according to Business Insider. Volcano Engine warned developers that since the tool requires broad “account and network access permissions,” it should run in a locked-down environment with strict access controls and frequent permission audits.
Security experts warn that agents with wide-ranging access can be exploited via “prompt injection”—sneaky or specially designed commands that fool a model into performing actions a user never intended, like exposing data or publishing content. This risk grows when an agent connects to email, chat, browsers, or cloud dashboards.
Recently, researchers spotted malware-infested “skills” — the add-ons that expand OpenClaw — making rounds in its ClawHub marketplace. Jason Meller, 1Password’s product VP, called the hub “an attack surface,” cautioning that the most popular download might turn into a “malware delivery vehicle,” according to 3 .
The Verge reported that security trackers uncovered multiple batches of malicious skills posing as crypto or productivity apps, aiming to deliver info-stealing malware and snatch secrets like API keys and passwords. Peter Steinberger, who created OpenClaw, has introduced more hurdles for uploaders and improved reporting tools. Still, researchers warn that the marketplace setup inherently allows some malicious code to slip by.
The ministry’s note comes amid another hit to the agent hype cycle: cybersecurity firm Wiz revealed that Moltbook, a new Reddit-style site marketed as a social network for OpenClaw bots, exposed private messages and user data before the issue was patched. Wiz cofounder Ami Luttwak told Reuters that rapid “vibe coding”—using AI to quickly build software—often makes people “forget the basics of security.” 2
Big unknowns remain. The ministry’s warning stops short of a ban, and OpenClaw’s open-source community can quickly fix vulnerabilities. Still, it might slow adoption among firms managing sensitive data and sparks the possibility of stricter regulations if breaches continue to mount.
China’s cloud companies face a tricky spot: hosting OpenClaw attracts developers and boosts compute sales, but it also piles on risk if insecure setups spread. Users have a steeper challenge — the more capable a tool, the greater the potential for things to go wrong.
