Friday, March 13, 2026

China issues second warning on OpenClaw risks

China’s top cybersecurity agency, CNCERT (National Computer Network Emergency Response Technical Team), issued its second major warning in less than a week regarding the viral AI agent OpenClaw.

While local governments in Shenzhen and Wuxi have been offering millions in subsidies to promote the tool—often referred to by the nickname “Raising Crayfish” due to its lobster-like logo—central regulators are moving to slam the brakes on its use in sensitive sectors.


The “Lethal Trifecta” of Risks

The CNCERT warning, alongside a similar notice from the National Vulnerability Database (NVDB), describes OpenClaw’s default security as “extremely fragile.”

  • High-Level Permissions: Unlike standard chatbots, OpenClaw operates as an autonomous agent. To “get things done,” it requires deep access to local file systems, emails, and browser sessions, which creates a massive attack surface.
  • Prompt Injection: Attackers can embed hidden malicious instructions on webpages. When OpenClaw “reads” these pages to perform a task, it can be tricked into leaking system keys or sensitive user data.
  • Operational Errors: The agency warned that the agent frequently misinterprets complex commands, leading to “rogue” behavior such as unintended mass-deletion of critical work files or spamming hundreds of messages.
  • Plugin Poisoning: The ClawHub marketplace (a third-party plugin store) has been flagged for “ToxicSkills”—malicious add-ons that can steal credentials once installed.

The Internal Ban: Banks and State Agencies

Following the warning, Bloomberg and Reuters reported a swift crackdown within the Chinese state sector:

  • State Banks: Employees at China’s largest state-owned banks have been ordered to remove OpenClaw from all office devices.
  • Personal Device Restrictions: In some agencies, the ban extends to personal phones if they are used to access work networks.
  • Military Families: Reports indicate that even relatives of Chinese military personnel have been advised against using the software due to the risk of geospatial or personal data leakage.

The “Crayfish” Craze vs. Central Control

The warning highlights a growing rift between local economic goals and national security:

| Entity | Stance / Action |
| --- | --- |
| Local Governments | Offering up to ₹11 crore (10M Yuan) in subsidies to startups building on OpenClaw. |
| Tech Giants | Tencent (QClaw) and Xiaomi (MiClaw) are racing to integrate OpenClaw into WeChat and phone OSs. |
| Central Gov | Restricting usage at SOEs and government agencies; citing “shadow IT” risks. |
| The Public | “Raising crayfish” has become a social media frenzy, with retirees and students queuing for free installation help. |

Why the Sudden Alarm?

The timing of the second warning is linked to Peter Steinberger, the Austrian creator of OpenClaw, joining OpenAI in February 2026. Beijing is reportedly wary of a foreign-linked, open-source tool gaining “root access” to millions of Chinese computers just as geopolitical tensions over AI sovereignty reach a boiling point.
