China issues new safety rules for OpenClaw. Here are the dos and don’ts
Authorities outline six dos and six don’ts for OpenClaw users, warning of risks amid an adoption frenzy

The advisory, developed in collaboration with AI agent providers, vulnerability platform operators and cybersecurity firms, aims to address risks in typical use cases of “lobster”, OpenClaw’s mascot, according to a Wednesday statement from the MIIT-run National Vulnerability DataBase (NVDB).
The guidelines recommend six practices: use the official latest version, minimise internet exposure, grant only the minimum permissions necessary, exercise caution when using the skill market filled with third-party offerings, guard against browser hijacking, and regularly check for and patch vulnerabilities.
By contrast, users are warned against using outdated or third-party mirror versions of OpenClaw, exposing AI agent instances to the internet, enabling administrator accounts during deployment, installing skill packs that require entering passwords, browsing unverified websites, and disabling detailed log auditing functions.
The NVDB also provided instructions on restricting internet access, scanning files and uninstalling the software.
