China Internet Finance Association Issues OpenClaw Security Risk Advisory

BlockBeats News, March 15th, the China Internet Finance Association pointed out that although the OpenClaw smart agent can improve work efficiency, its default high system permissions and weak security configuration make it vulnerable to exploitation by attackers, becoming a loophole for stealing sensitive data or illegally manipulating transactions, posing a serious risk challenge to the industry. The guidance summarizes four major risk exposures of OpenClaw: fund loss risk, transaction responsibility risk, data compliance risk, and new type of fraud risk.

The China Internet Finance Association recommends that financial consumers be extremely cautious when installing OpenClaw on terminals for handling online banking, securities trading, payments, and other personal financial services.

If it is truly necessary to install, it is recommended not to grant financial services system operating permissions, promptly follow up on OpenClaw vulnerability fixes, strictly control function plugin installation, not to enter sensitive information such as ID card number, bank card number, payment password, etc., when not in use. In addition, such applications continuously call large model interfaces during operation, which may incur high Token fees. Users are advised to pay close attention.