Ministry of Industry and Information Technology releases OpenClaw "Lobster" open-source intelligent agent safety guidelines: Six do's and six don'ts

Deep Tide TechFlow News, March 11 — According to the National Vulnerability Database (NVDB) of the Ministry of Industry and Information Technology’s Cybersecurity Threat and Vulnerability Information Sharing Platform, regarding the typical security risks associated with the open-source agent OpenClaw (“Lobster”) in various application scenarios, the Ministry of Industry and Information Technology, together with agent providers, cybersecurity companies, and other organizations, has officially issued the “Six Do’s and Six Don’ts” safety guidelines.

The announcement states that OpenClaw poses significant risks in four major scenarios: smart office, development and operations, personal assistants, and financial transactions. These include supply chain attacks, sensitive information leaks, personal data theft, and incorrect transactions. Users are advised to: use the latest official version, strictly control internet exposure, adhere to the principle of least privilege, use skill markets cautiously, prevent social engineering attacks, and establish long-term protective mechanisms; at the same time, avoid using third-party mirror versions, exposing agent instances to the public internet, granting administrator privileges, and disabling log auditing functions, which are high-risk operations.