The China National Security Bureau has released a "Lobster" Secure Farming Guide

BlockBeats News, March 17th, the Chinese Ministry of State Security issued usage tips regarding the recently popular open-source AI assistant tool OpenClaw (nicknamed "Lobster"), stating that while this type of high-permission AI Agent can improve efficiency, it may also pose security risks such as host takeover, data leakage, and information misuse. Users are advised to use it rationally and strengthen security protection.

The tips point out that "Lobster," by integrating communication software with a large language model and having high-level system access capability, can directly execute user commands to complete tasks, thereby transitioning from "providing suggestions" to "automatic execution." At the same time, its plugin system supports functions such as file management, email composition, schedule arrangement, web browsing, and has long-term memory and proactive task triggering capabilities, leading some users to refer to it as "raising a lobster."

The security agency reminds that if configured improperly, the AI agent may bring multiple risks, including: high-level operation leading to remote takeover of devices, theft of sensitive data, exploitation of social accounts to disseminate false information, and system attacks through malicious plugins.

To mitigate risks, users are advised to follow the principle of least privilege when running the AI agent, encrypt sensitive data, deploy it in isolated environments like virtual machines or sandboxes, regularly check plugin sources, access permissions, and system logs, and avoid exposing core devices directly to the public network environment.