National Internet Emergency Response Center releases risk warning for OpenClaw security application.

On March 10th, the National Internet Emergency Response Center issued a risk alert regarding the OpenClaw security application. Recently, the download and usage of the OpenClaw application has been popular, with major domestic cloud platforms providing one-click deployment services. This intelligent software is capable of controlling the computer directly based on natural language commands to perform various operations. In order to achieve the ability to "automatically execute tasks," this application has been granted high system permissions, including access to the local file system, reading environment variables, calling external service application programming interfaces (APIs), and installing extension functions. However, due to its default weak security configuration, once attackers discover a vulnerability, they can easily obtain complete control of the system. The National Internet Emergency Response Center recommends that relevant units and individual users take the following security measures when deploying and using OpenClaw: 1. Strengthen network control, do not expose the OpenClaw default management port directly to the public network, and manage access services securely through authentication and access control measures. Strictly isolate the operating environment and use technologies like containers to restrict high permissions of OpenClaw. 2. Enhance credential management, avoid storing keys in plain text in environment variables, and establish a complete operation log audit mechanism. 3. Strictly manage the source of plugins, disable automatic update functions, and only install extensions from trusted channels that have been verified by signatures. 4. Continuously monitor patches and security updates, and promptly update versions and install security patches. The original text is from the "National Internet Emergency Response Center" WeChat public account; GMTEight Editing: Chen Xiaoyi.