
The National Cybersecurity Notification Center issued a risk alert regarding OpenClaw, an artificial intelligence (AI) agent, on its official WeChat account on Friday, warning that numerous exposed OpenClaw assets are carrying significant security risks, making them prime targets for cyberattacks.
OpenClaw, created by Austrian developer Peter Steinberger, is designed to allow large language models to operate computers autonomously, controlling files, executing commands, and interacting through messaging applications such as WhatsApp and Telegram, according to the Xinhua News Agency.
Since its release, OpenClaw has triggered a global deployment surge due to its powerful automated task processing capabilities and open plugin ecosystem. Monitoring data from the National Network and Information Security Information Notification Center shows over 200,000 active OpenClaw internet assets globally, approximately 23,000 of them within China, and the number is growing explosively, the readout said.
These are mainly located in internet-dense regions like Beijing, Shanghai, South China's Guangdong Province, and East China's Zhejiang Province.
The center stated in its alert that OpenClaw poses major security risks across its architecture, default configuration, vulnerability management, plugin ecosystem and behavior control, which could lead to server compromise or sensitive data leakage if exploited.
Each layer of its multi-layer architecture has flaws. The IM integration gateway layer can be bypassed via forged messages, the alert said, adding that the AI agent also carries a high level of default configuration risk, as OpenClaw defaults to a certain binding IP address and allows access from all external IPs without authentication. Sensitive data such as API keys and chat logs are stored in plaintext, leading to an 85 percent public exposure rate.
The alert said a total of 258 vulnerabilities have been disclosed for OpenClaw. Of 82 recent ones, 12 are critical risk, 21 are high risk, 47 are medium risk, and two are low risk. These vulnerabilities are primarily command injection, path traversal and access control flaws, and are generally easy to exploit.
The alert also noted OpenClaw's uncontrollable agent behavior: agents are prone to privilege escalation during execution, taking unauthorized actions and ignoring user commands. This could result in data deletion, information theft, or device takeover, causing significant losses, according to the alert.
In its risk prevention recommendations, the center calls on users to upgrade OpenClaw promptly, optimize the default configuration, install third-party plugins cautiously, strengthen account authentication and limit agent execution privileges.
In addition, users should restrict the AI agent's operational capabilities, allowing only whitelisted system commands and permissions to prevent malicious instructions from causing substantive damage to personal devices, the alert said.
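The command-whitelisting recommendation can be pictured as a gate that sits between an agent and the operating system. The sketch below is an added example, not code from the alert or from OpenClaw; the policy table, the workspace path and the function names are assumptions made for illustration.

```python
import shlex
import subprocess
from pathlib import Path

# Constructed policy for illustration: command name -> flags it may take.
ALLOWED = {"ls": {"-l", "-a"}, "cat": set(), "wc": {"-l"}}
WORKSPACE = Path("/srv/agent-workspace")  # hypothetical sandbox root
SHELL_META = set(";|&`$<>(){}*?!\\\n")

def check_command(line, workspace=WORKSPACE):
    """Return (argv, None) if the request passes policy, else (None, reason)."""
    if any(ch in SHELL_META for ch in line):
        return None, "shell metacharacter"
    try:
        argv = shlex.split(line)
    except ValueError:
        return None, "unparseable quoting"
    if not argv:
        return None, "empty command"
    cmd, args = argv[0], argv[1:]
    if cmd not in ALLOWED:
        return None, f"command not allowlisted: {cmd}"
    root = workspace.resolve()
    for arg in args:
        if arg.startswith("-"):
            if arg not in ALLOWED[cmd]:
                return None, f"flag not allowlisted: {arg}"
            continue
        # Resolve "..", absolute paths and symlinks before the containment check.
        target = (root / arg).resolve()
        if target != root and root not in target.parents:
            return None, f"path escapes workspace: {arg}"
    return argv, None

def run_checked(line, workspace=WORKSPACE):
    """Execute only vetted requests, as an argv list and never through a shell."""
    argv, reason = check_command(line, workspace)
    if argv is None:
        raise PermissionError(reason)
    return subprocess.run(argv, cwd=workspace, shell=False,
                          capture_output=True, text=True, timeout=10)

if __name__ == "__main__":
    # Constructed agent requests, one per risk class named in the alert.
    for req in ["ls -l notes", "cat notes.txt; rm -rf /",
                "cat ../../etc/passwd", "rm -rf notes", "ls -R"]:
        print(f"{req!r:30} -> {check_command(req)[1] or 'allowed'}")
```

A gate like this limits what a misbehaving agent can do but does not replace the other recommendations: the process should still run under a low-privilege account, and the service should not be reachable without authentication.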