Many universities are warning about OpenClaw security risks, with some strictly prohibiting its use on campus.

Effective immediately, all faculty and staff are strictly prohibited from installing, running, or using the OpenClaw software, its derivative versions, supporting plugins, or third-party skill scripts on any office equipment, teaching terminals, or campus network environments (including VPN remote connection terminals).

On March 10, the Information Data Management Office of Zhuhai University of Science and Technology issued a notice titled “Strictly Prohibit the Use of OpenClaw Software on Campus,” requiring those who have already installed the software to uninstall it immediately and thoroughly, removing all configurations, caches, and log files. The university will conduct irregular security scans and inspections of campus networks and terminals. Any violations involving installation or use will be dealt with seriously and in accordance with regulations.

The Information Data Management Office also emphasized that department heads must strictly fulfill their cybersecurity responsibilities, promptly organize faculty and staff to conduct comprehensive self-inspections and rectifications, ensuring full coverage, no blind spots, and proper implementation of this notice. Any network security incidents, data leaks, or system damages caused by illegal use of this software will result in strict legal and regulatory accountability for the responsible individuals.

Recently, the open-source AI agent framework OpenClaw (widely called “Lobster” due to its lobster icon) has gained rapid popularity online. Its ability to autonomously perform computer operations and handle office tasks has attracted widespread attention. However, the Ministry of Industry and Information Technology’s cybersecurity threat and vulnerability information sharing platform has detected that OpenClaw poses significant security risks under default or improper configurations, which could lead to network attacks, data breaches, or system control, posing serious threats to network and information security.

Public information shows that several universities have recently issued warnings to prevent security risks associated with OpenClaw.

For example, on March 10, Anhui Normal University’s Cybersecurity and Informatization Office issued a warning, highlighting core security risks of the “Lobster” AI agent.

1. High risk of privacy leaks: The tool requires high-level permissions to run, and personal information such as chat logs, account passwords, email content, and files are stored in plaintext locally. Improper configuration or hacking could lead to immediate theft of sensitive information.

2. Autonomous execution can easily become uncontrollable: The tool may misinterpret intentions or execute commands inaccurately. It can autonomously infer and act on vague instructions, with cases of ignoring user restrictions, mass deleting emails, or mistakenly deleting important files. Its overall security audit pass rate and core security metrics are very low.

3. Permission management vulnerabilities: The tool has fuzzy trust boundaries, with features like continuous operation, autonomous decision-making, and system/resource calls. Without effective permission controls and audit mechanisms, it can be manipulated or maliciously hijacked to perform unauthorized operations, leading to remote control of the computer system.

4. Mismatch between technical complexity and usage risks: The tool is essentially a low-level framework aimed at developers, requiring command-line skills and API key management, not a mature product for general users. Non-official “installation services” can significantly increase security risks due to misconfigured permissions, and such services may also be opportunistic, exploiting users for “IQ taxes.”

The university’s Cybersecurity and Informatization Office urges all faculty and students to evaluate this tool rationally based on their actual needs, avoid blindly installing or deploying the “Lobster” AI agent out of peer pressure, especially on devices connected to campus networks, office computers, or devices storing personal sensitive information and work data. Departments and staff are strictly prohibited from using this tool when handling teaching, research data, administrative information, or student data, to prevent campus data leaks, system attacks, and to safeguard campus data security.

The notice concludes by emphasizing that all faculty and students should enhance their awareness of cybersecurity and personal information protection, recognize the security risks of emerging AI tools, avoid granting high permissions to unfamiliar software, and refrain from downloading software from unofficial platforms.

Jiangsu Normal University’s Information Technology and Public Resources Management Office also issued a reminder on March 11 titled “Reminder on Preventing OpenClaw Security Risks.”

The university stated that OpenClaw has “fuzzy trust boundaries,” and without effective permission controls, it can be manipulated or maliciously hijacked to perform unauthorized operations, potentially leading to remote device control. There have been cases of file deletion and credential theft. Faculty and students are advised to deploy OpenClaw using cloud servers, virtual machines, or containerization for isolation, and avoid exposing services to the internet or campus network. If network access is necessary, it must be authenticated via encrypted channels like SSH, with strict restrictions on source IP addresses. During deployment, administrator accounts are strictly prohibited; only the minimum necessary permissions should be granted, and critical operations such as file deletion, data transmission, or system configuration changes should require secondary confirmation or manual approval.

The reminder also notes that skill packages provided by various online communities may carry security risks of malicious tampering. Faculty and students should carefully verify the code before installation and refuse to use skill packages that require “downloading ZIP files,” “executing shell scripts,” or “entering passwords.”

Source: The Paper

Risk Warning and Disclaimer

The market carries risks; investments should be cautious. This article does not constitute personal investment advice and does not consider individual users’ specific investment goals, financial situations, or needs. Users should consider whether the opinions, views, or conclusions in this article are suitable for their particular circumstances. Investment is at their own risk.