Internet Finance Association Issues Risk Warning on OpenClaw Application Security in Internet Finance Industry

On March 15, the China Internet Finance Association issued a risk alert regarding the application security of OpenClaw in the internet finance industry.

Recently, the open-source AI agent OpenClaw (“Lobster”) has seen a continuous rise in downloads and usage. This intelligent agent typically defaults to obtaining high system permissions and can directly control computers and other devices based on natural language commands. Recently, the Cybersecurity Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology and the National Internet Emergency Center (CNCERT) issued related security risk warnings. Currently, the online and digital transformation of the internet finance industry is highly advanced, handling key sensitive information such as customer funds, assets, accounts, and personal financial data. While OpenClaw can improve work efficiency, its default high system permissions and weak security configurations make it vulnerable to exploitation by attackers, potentially becoming a breach point for stealing sensitive data or illegally controlling transactions, posing serious risks to the industry. In response, the China Internet Finance Association provides the following risk warnings:

1. Main Risk Manifestations

(1) Funds Loss Risk

OpenClaw has publicly disclosed multiple medium- and high-risk vulnerabilities that attackers can exploit to gain control of devices through such vulnerabilities or via prompt injection methods. Additionally, its commonly used functional plugins (Skills) lack effective community security review mechanisms, and there have been multiple incidents of malicious plugin poisoning. In financial scenarios, these risks could be exploited to steal online banking passwords, payment keys, securities trading API credentials, and other sensitive financial information, enabling login to online banking or securities systems to initiate fund transfers, resulting in customer fund losses.

(2) Transaction Responsibility Risk

OpenClaw can autonomously perform multiple steps, and some users have used it for stock monitoring and investment strategy backtesting in financial contexts. Automated execution may lead to misoperations such as transferring funds or purchasing investment products, causing actual losses. Currently, AI technology does not have complete interpretability, and the responsibility for automated financial transactions is difficult to determine, leading to significant legal uncertainty.

(3) Data Compliance Risk

OpenClaw has persistent memory functions, and data generated during operation is continuously stored in local session records and memory files. When calling large model API interfaces or performing other operations, relevant data may be transmitted to third parties. Financial scenarios involve highly sensitive data such as credit reports, loan approval materials, and transaction records. Once such data enters the AI processing chain, its access scope and retention period may exceed the original business purpose, raising compliance risks in financial data management.

(4) New Scam Risks

Malicious actors may conduct investment scams using phrases like “AI stock trading” or “guaranteed profit,” and exploit the popularity of “Lobster” to mass-produce false information impersonating financial institutions, tricking the public into downloading fake apps or transferring money to designated accounts. Additionally, scammers may pose as “installing on behalf” or “remote debugging” to gain control of consumers’ devices, planting malicious programs or stealing financial sensitive information. Reports indicate that AI-related financial scams are rapidly increasing, and the public’s ability to recognize such new scam methods needs improvement.

2. Prevention Recommendations

In response to these risks, the China Internet Finance Association recommends the following:

(1) Financial consumers should exercise extreme caution when installing OpenClaw on devices used for online banking, securities trading, payments, and other personal financial activities. If installation is necessary, avoid granting system operation permissions related to financial services, promptly follow up on OpenClaw vulnerability fixes, strictly control plugin installations, and refrain from entering sensitive information such as ID numbers, bank card numbers, or payment passwords during use. Additionally, since such applications may incur high token costs due to continuous API calls to large models, users should monitor usage closely.

(2) Be highly alert to financial scams claiming “虾养理财” (“shrimp farming wealth management”), “AI stock trading,” or “guaranteed profit.” Always conduct transfers and investments through official channels, and do not trust others claiming to “install on your behalf” or “remote debugging” to access your devices.

(3) Institutions should avoid installing OpenClaw on devices involved in customer data processing, fund operations, risk control reviews, or transaction execution. Do not input sensitive customer financial information, transaction data, or loan approval materials into the agent or connect it to processing chains.

(4) Organizations should incorporate the security management of AI agents like OpenClaw into their overall information security framework. Conduct specialized security training for staff to enhance their ability to identify and prevent risks associated with such intelligent agents.