Hong Kong Computer Emergency Response Team Coordination Centre: The Rise of AI Agent Platform OpenClaw, Security Risks Cannot Be Ignored.

On March 12, the Hong Kong Computer Emergency Response Team Coordination Centre issued a warning, pointing out that the open-source AI agent platform OpenClaw has recently risen rapidly, and as its popularity continues to increase, related network security risks are becoming increasingly apparent. The Centre emphasized that AI agent platforms with capabilities such as native operation, third-party plugin installation, and external service integration pose a much higher risk than conventional chat-based AI tools, and organizations and users must be vigilant when introducing such tools. According to a report quoted by the Centre, malicious attackers have already used fake GitHub code repositories and Bing AI search results to spread malicious software and proxy-type malicious software that can steal information to users searching for the OpenClaw Windows setup program. The Centre advises users to download and install through official websites, official documentation, and official repositories provided by the platform, and to avoid using unknown sources links. The Centre pointed out that OpenClaw has been found to have high-risk vulnerabilities, allowing malicious websites to hijack developers' OpenClaw agent programs. Fortunately, this vulnerability was fixed on February 26, 2026, but this incident serves as an important warning, demonstrating that organizations deploying AI agent tools may face greater risks if they lack adequate security oversight and control measures. In addition to vulnerabilities in the platform itself, new attack vectors have emerged in OpenClaw's skills ecosystem. Its official documents show that OpenClaw has an open-source skill registry called ClawHub, which allows users to publish skills to expand the platform's functionality, and users can search, install, update, and publish skills here. Skills typically consist of SKILL.md documentation and related auxiliary files. The Centre warned that this open expansion model accelerates function growth but also introduces supply chain risks of third-party components, which could become entry points for attackers. The Centre offered several recommendations, including verifying download sources and installation instructions, updating OpenClaw versions promptly, carefully installing third-party "skills" scripts, being wary of agent requests to perform high-risk operations, and treating OpenClaw as a high-privilege automation platform.