
BlockBeats News, March 10th: The National Internet Emergency Response Center issued a security alert regarding the OpenClaw security application. The application has been granted high system permissions, including access to the local file system, reading environment variables, calling external service application programming interfaces (APIs), and installing extensions. However, because its default security configuration is extremely weak, once attackers find a loophole they can easily gain full control of the system.
Previously, improper installation and use of the OpenClaw agent gave rise to several serious security risks, including “Keyword Injection” risk, “Misoperation” risk, the risk of poisoned function plugins (skills), and security vulnerability risk.
It is recommended that relevant organizations and individual users take the following security measures when deploying and using OpenClaw: strengthen network controls; enhance credential management; strictly manage plugin sources and disable automatic update functions; and continuously monitor patches and security updates, promptly update versions, and install security patches.



