China Internet Finance Association releases "Risk Warning on the Application Security of OpenClaw in the Internet Finance Industry"
On March 15th, the China Internet Finance Association released a risk warning on the security of OpenClaw's application in the internet finance industry.
On March 15th, the China Internet Finance Association issued a risk warning on the security of OpenClaw in the internet finance industry. Although the OpenClaw agent can improve work efficiency, its high default system permissions and weak security configuration make it easy for attackers to exploit, turning it into an entry point for stealing sensitive data or illegally manipulating transactions and posing significant risk challenges to the industry. The China Internet Finance Association advises financial consumers to be extremely cautious about installing OpenClaw on terminals used for online banking, securities trading, payments, and other personal financial transactions. If installation is necessary, it is recommended not to grant it operating permissions on financial service systems, to promptly apply OpenClaw vulnerability fixes, to tightly control the installation of function plugins, and to avoid entering sensitive information such as ID numbers, bank account numbers, and payment passwords unless necessary. Additionally, such applications may incur high token fees while running, and users are advised to pay close attention to this.
The original article is as follows:
Risk Alert on the Application Security of OpenClaw in the Internet Finance Industry
Recently, the open-source AI agent OpenClaw ("lobster") has seen its download and usage figures continue to rise. This agent typically obtains high system permissions by default and can directly control terminals such as computers based on natural-language commands. The Network Security Threat and Vulnerability Information Sharing Platform of the Ministry of Industry and Information Technology (NVDB) and the National Internet Emergency Response Center (CNCERT) have issued relevant security risk alerts. The internet finance industry is highly digitized and online, directly handling key sensitive information such as client funds, assets, accounts, and personal financial data. While OpenClaw can enhance work efficiency, its high default system permissions and weak security configuration make it easy for attackers to exploit, turning it into an entry point for stealing sensitive data or illegally manipulating transactions and posing significant risk challenges for the industry. In light of this, the China Internet Finance Association hereby issues the following risk alerts:
I. Main Risks
1. Risk of Financial Loss
Multiple high-risk vulnerabilities in OpenClaw have been publicly disclosed; attackers can exploit these vulnerabilities, or use prompt injection, to gain control of devices. Additionally, its widely used function plugins (Skills) lack an effective community security review mechanism, and there have been multiple incidents of plugins being tampered with maliciously. In financial scenarios, these risks could be exploited to steal online banking passwords, payment keys, securities trading API credentials, and other sensitive financial information, allowing unauthorized access to online banking and securities trading systems and the initiation of fund operations, resulting in financial losses for customers.
2. Transaction Liability Risk
The OpenClaw agent can autonomously perform multi-step operations, and some users have employed it in financial scenarios for stock monitoring and investment strategy backtesting. Automated execution may lead to accidental fund transfers or investment product purchases, resulting in actual losses. Current artificial intelligence technology lacks full interpretability, making it difficult to identify the responsible party after an automated financial transaction, with significant uncertainty over legal liability.
3. Data Compliance Risk
The OpenClaw agent has persistent memory: data generated during runtime is continuously stored in local session logs and memory files. When it calls large-model API interfaces or performs other operations, related data may be transferred to third parties. Internet finance scenarios involve highly sensitive data such as credit information, credit approval materials, and transaction records. Once such data enters the AI processing chain, its access scope and retention period may exceed what is necessary for the original business purpose, creating compliance risks in financial data management.
4. New Type of Fraud Risk
Criminals may carry out investment fraud under the guise of "AI stock trading" or "guaranteed profits," using the popularity of the "lobster" to mass-produce counterfeit communications from financial institutions that entice the public to download fake applications or transfer funds to designated accounts. Criminals may also gain control of consumer devices under the pretext of "installing it for you" or "remote debugging," implanting malicious programs or stealing sensitive financial information. Relevant reports show that financial fraud cases involving AI are rising rapidly, and the public's ability to recognize such new fraud schemes needs improvement.
II. Prevention Suggestions
In response to the above risks, the China Internet Finance Association proposes the following prevention suggestions:
1. Financial consumers are advised to be extremely cautious about installing OpenClaw on terminals used for online banking, securities trading, payments, and other personal financial transactions. If installation is necessary, it is recommended not to grant it operating permissions on financial service systems, to promptly apply OpenClaw vulnerability fixes, to tightly control the installation of function plugins, and to avoid entering sensitive information such as ID numbers, bank account numbers, and payment passwords unless necessary. Additionally, such applications may incur high token fees while running, and users are advised to pay close attention to this.
2. Financial consumers are advised to remain vigilant against financial fraud conducted under names such as "raising shrimp for financial management," "AI stock trading," or "guaranteed profits." Any transfers, investments, or similar operations must be conducted through official channels, and individuals should not trust anyone who seeks to control their personal devices under the pretext of "installing it for you" or "remote debugging."
3. Entities in the industry are advised not to install OpenClaw on terminals involved in processing client information, fund operations, risk control audits, transaction execution, or other financial business processes. Financial entities should not input customer financial information, transaction data, credit approval materials, or other sensitive data into this agent or expose such data to its processing chain.
4. Entities in the industry are advised to bring the security management of OpenClaw and other agent applications within the scope of their internal information security management, organize dedicated security training for employees, and strengthen their ability to recognize and prevent the security risks associated with such agent applications.
China Internet Finance Association
March 15, 2026
This article is excerpted from the China Internet Finance Association, GMTEight editor: Chen Wenfang.