The Ministry of Industry and Information Technology's National Vulnerability Database (NVDB) has put forward the "six dos and six don'ts" recommendations for typical application scenarios and security risks related to lobsters.

19:50 11/03/2026
GMT Eight
On March 11th, the Ministry of Industry and Information Technology organized intelligent agent providers, vulnerability collection platform operators, and cybersecurity companies on the National Vulnerability Database (NVDB) platform to study the security risks in typical "Lobster" application scenarios and propose the "six dos and six don'ts" recommendations.
On March 11th, in response to the security risks in typical "Claw" application scenarios, the Ministry of Industry and Information Technology organized intelligent agent providers, vulnerability collection platform operators, network security companies and others on the Network Security Threat and Vulnerability Information Sharing Platform (NVDB) to study and propose the "six dos and six don'ts" recommendations. The recommendations are: use the official latest version; strictly control internet exposure; adhere to the principle of least privilege; use skill markets cautiously; guard against social engineering attacks and browser hijacking; and establish a long-term protection mechanism.

I. Security Risks in Typical Application Scenarios

(I) Smart Office Scene - prominent risks include supply chain attacks and enterprise intranet penetration

1. Scenario description: "Claw" is deployed inside the enterprise and integrated with existing management systems for intelligent data analysis, document processing, administrative management, financial assistance, and knowledge management.

2. Security risks: Abnormal plugins, "skills packages" and the like are introduced, triggering supply chain attacks; network security risks spread horizontally within the intranet, leading to leakage or loss of sensitive information from connected system platforms, databases, etc.; a lack of auditing and traceability mechanisms leads to compliance risks.

3. Response strategy: Deploy on a separate network segment isolated from critical production environments, and prohibit the use of unapproved "Claw" intelligent agent terminals within the internal network; conduct thorough security testing before deployment, grant minimal permissions during deployment, and prohibit unnecessary cross-segment, cross-device, and cross-system access; retain complete operation and running logs to meet auditing and compliance requirements.

(II) Development and Operations Scene - prominent risks include sensitive information leakage and hijacked control of systems and devices

1. Scenario description: Enterprises or individuals deploy "Claw" to convert natural language into executable instructions, assisting with code writing, code execution, device inspections, configuration backups, system monitoring, and process management.

2. Security risks: Unauthorized execution of system commands, and devices being hijacked by network attacks; exposure of system account and port information, leading to external attacks or password cracking; leakage of sensitive information such as network topology, account passwords, and API interfaces.

3. Response strategy: Avoid direct deployment in production environments and prefer running in virtual machines or sandboxes; conduct thorough security testing before deployment, grant minimal permissions during deployment, and prohibit granting administrator privileges; establish a blacklist of high-risk commands and implement manual approval mechanisms for important operations.

(III) Personal Assistant Scene - prominent risks include personal information theft and leakage of sensitive information

1. Scenario description: A locally deployed "Claw" is accessed through personal instant messaging software, providing personal information management, daily task processing, and digital asset organization, and serving as an assistant for knowledge learning and life entertainment.

2. Security risks: Excessive permissions leading to malicious reading, writing, or deletion of arbitrary files; vulnerability to network attacks when connected to the internet; injection of dangerous commands through prompt words, even taking over the intelligent agent; keys stored in plain text, leading to personal information leakage or theft.

3. Response strategy: Strengthen permission management, allow access only to necessary directories, and prohibit access to sensitive directories; prefer access through encrypted channels, prohibit unnecessary internet access, and prohibit high-risk operation commands or add secondary confirmations; store API keys, configuration files, and important personal information strictly in encrypted form.

(IV) Financial Transaction Scene - prominent risks include causing incorrect transactions or account takeover

1. Scenario description: Enterprises or individuals deploy "Claw" to call finance-related application interfaces for automated trading and risk control, improving efficiency in quantitative trading, intelligent investment research, and asset portfolio management, and enabling functions such as market data capture, strategy analysis, and trade command execution.

2. Security risks: Memory poisoning leading to incorrect transactions, and bypassing of identity verification leading to unauthorized account takeover; plugins containing malicious code leading to theft of trading credentials; in extreme cases, a lack of circuit breakers or emergency mechanisms leading to frequent, uncontrollable trading by the intelligent agent.

3. Response strategy: Implement network isolation and least privilege, and close unnecessary internet ports; establish manual review and circuit breaker emergency mechanisms, and add secondary confirmations to key operations; strengthen supply chain audits, use official components, and regularly fix vulnerabilities; implement full audit and security monitoring across the entire chain, and promptly identify and address security risks.

II. Security Recommendations

(I) Use the official latest version. Download the latest stable version from official channels and enable automatic update reminders; back up data before upgrading, restart services after upgrading, and verify that patches are effective. Do not use third-party mirror versions or historical versions.

(II) Strictly control internet exposure. Regularly check for internet exposure; if any is found, immediately take the instance offline and rectify it. Do not expose "Claw" intelligent agent instances to the internet. If internet access is necessary, use encrypted channels such as SSH, limit access source addresses, and use strong passwords or authentication methods such as certificates and hardware keys.

(III) Adhere to the principle of least privilege. Grant the minimum permissions necessary to complete tasks based on business needs, and require secondary confirmation or manual approval for important operations such as file deletion, data transmission, and system configuration changes. Preferably run in isolation within containers or virtual machines to create an independent permission area. Do not use administrator privilege accounts during deployment.

(IV) Cautiously use skill markets. Download ClawHub "skills packages" with caution and review the code of a skills package before installation. Do not use skills packages that require "downloading ZIP," "executing shell scripts," or "entering passwords."

(V) Guard against social engineering attacks and browser hijacking. Use browser sandboxes, webpage filters, and other extensions to block suspicious scripts, enable logging and audit features, and immediately disconnect the gateway and reset passwords when encountering suspicious behavior. Do not browse websites of unknown origin, click on unfamiliar webpage links, or read untrusted documents.

(VI) Establish a long-term protection mechanism. Regularly check for and patch vulnerabilities, and pay attention to risk alerts from OpenClaw official security notices, the Ministry of Industry and Information Technology Network Security Threat and Vulnerability Information Sharing Platform, and other vulnerability databases. Party and government agencies, enterprises, and individual users can combine network security protection tools and mainstream antivirus software for real-time protection, and address any potential security risks in a timely manner. Do not disable detailed logging and audit functions.

This article is compiled from the official website of the "Ministry of Industry and Information Technology Network Security Threat and Vulnerability Information Sharing Platform." GMTEight Editor: Jiang Yuanhua.
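
The response strategies for the development and operations scene and the personal assistant scene (a blacklist of high-risk commands, manual approval for important operations, access limited to necessary directories, retained logs) can be combined into one gate placed in front of an agent's command tool. The Python below is an added example, not code from the advisory or from any "Claw" product; the command sets, the sensitive directories and all function names are assumptions chosen for illustration.

```python
import os
import shlex

# Assumed policy values, chosen for illustration only.
DENY = {"mkfs", "dd", "shutdown", "reboot", "sudo", "su"}    # high-risk: always refused
APPROVE = {"rm", "scp", "curl", "systemctl", "chmod"}        # important: held for a human
SENSITIVE = ("/etc", "/root", os.path.expanduser("~/.ssh"))  # never readable or writable
SHELL_META = set(";|&`$<>\n")                                # chaining, substitution, redirection

def _inside(real_path, root):
    root = os.path.realpath(root)
    return real_path == root or real_path.startswith(root + os.sep)

def check_path(path, workspace):
    """Resolve '..' and symlinks first, then apply the directory allow-list."""
    real = os.path.realpath(os.path.join(workspace, path))
    if any(_inside(real, s) for s in SENSITIVE):
        return "deny"
    return "allow" if _inside(real, workspace) else "deny"

def check_command(cmdline, workspace, audit):
    """Return 'allow', 'approve' (manual approval needed) or 'deny'; always log."""
    verdict = _decide(cmdline, workspace)
    audit.append((cmdline, verdict))   # retained for auditing, whatever the outcome
    return verdict

def _decide(cmdline, workspace):
    if SHELL_META & set(cmdline):
        return "deny"                  # a second command could hide behind the first
    try:
        argv = shlex.split(cmdline)
    except ValueError:                 # unbalanced quotes
        return "deny"
    if not argv:
        return "deny"
    prog = os.path.basename(argv[0])
    if prog in DENY:
        return "deny"
    # Every non-option argument is treated as a possible path (conservative).
    for arg in argv[1:]:
        if not arg.startswith("-") and check_path(arg, workspace) == "deny":
            return "deny"
    return "approve" if prog in APPROVE else "allow"

if __name__ == "__main__":
    log = []                           # constructed sample requests
    for c in ("ls notes", "rm notes/old.txt", "cat ../../../etc/passwd", "ls; sudo id"):
        print(c, "->", check_command(c, os.getcwd(), log))
```

A deny-list only covers the program names it lists; a stricter variant returns "approve" for any program that is not on an explicit allow-list.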