China Internet Finance Association Releases "Risk Warning Regarding the Application Security of OpenClaw in the Internet Finance Industry"


Zhitong Finance APP has learned that on March 15, the China Internet Finance Association released a “Risk Warning on the Security of OpenClaw in the Internet Finance Industry.” Although the OpenClaw AI agent can improve work efficiency, its default high system permissions and weak security configurations are easily exploited by attackers, becoming a breach point for stealing sensitive data or illegally controlling transactions, posing serious risks to the industry. The China Internet Finance Association advises financial consumers to be extremely cautious when installing OpenClaw on devices used for online banking, securities trading, payments, and other personal financial services. If installation is necessary, it is recommended not to grant system operation permissions related to financial services, to promptly apply OpenClaw vulnerability fixes, to strictly control plugin installations, and not to enter sensitive information such as ID numbers, bank card numbers, or payment passwords into the agent unless strictly necessary. Additionally, since such applications continuously call large model APIs during operation, they may incur high token costs, which users should monitor closely.

The original text is as follows:

Risk Warning on the Security of OpenClaw in the Internet Finance Industry

Recently, the open-source AI agent OpenClaw (“Lobster”) has seen a continuous rise in downloads and usage. This agent typically defaults to high system permissions and can directly control computers and other devices based on natural language instructions. The National Cybersecurity Threat and Vulnerability Information Sharing Platform (NVDB) and the National Internet Emergency Center (CNCERT) have since issued related security risk alerts. The online and digital transformation of the internet finance industry is highly advanced, and the industry handles critical sensitive information such as customer funds, assets, accounts, and personal financial data. While OpenClaw can improve work efficiency, its default high system permissions and weak security configurations are easily exploited by attackers, becoming a breach point for stealing sensitive data or illegally controlling transactions, posing serious risks to the industry. In response, the China Internet Finance Association issues the following risk warnings:

  1. Main Risks

(1) Funds Loss Risk

OpenClaw has publicly disclosed multiple medium- and high-risk vulnerabilities that attackers can exploit or inject via prompts to gain device control. Additionally, its commonly used plugin functions (Skills) lack effective community security review mechanisms, and malicious plugin poisoning incidents have occurred. In financial scenarios, these risks could be exploited to steal online banking passwords, payment keys, securities trading API credentials, and other sensitive financial information, leading to unauthorized fund transfers and transactions, resulting in customer losses.

(2) Transaction Responsibility Risk

OpenClaw can autonomously perform multiple steps, and some users have used it for stock monitoring and investment strategy backtesting. Automated operations may lead to misoperations such as fund transfers or purchasing investment products, causing actual losses. Currently, AI technology lacks full interpretability, making it difficult to determine responsibility after automated financial transactions, and legal liability remains uncertain.

(3) Data Compliance Risk

OpenClaw has persistent memory capabilities, and data generated during operation is stored locally in session records and memory files. When calling large model APIs or performing other operations, relevant data may be transmitted to third parties. Financial scenarios involve highly sensitive data such as credit reports, loan approval materials, and transaction records. Once this data enters the AI processing chain, its access scope and retention period may exceed necessary business purposes, raising compliance risks in financial data management.

(4) New Scam Risks

Malicious actors may conduct investment scams using phrases like “AI stock trading” or “guaranteed profit,” and exploit the popularity of “Lobster” to mass-produce false information impersonating financial institutions, tricking the public into downloading fake apps or transferring money to designated accounts. Additionally, scammers may pose as offering “installation on your behalf” or “remote debugging” to gain control of users’ devices, planting malicious programs or stealing sensitive financial information. Reports show that AI-related financial scams are rapidly increasing, and the public’s ability to recognize such new scam methods needs improvement.

  2. Prevention Recommendations

In response to these risks, the China Internet Finance Association recommends the following:

(1) Financial consumers should be extremely cautious when installing OpenClaw on devices used for online banking, securities trading, payments, and other personal financial services. If installation is necessary, avoid granting system operation permissions related to financial services, promptly apply OpenClaw vulnerability patches, strictly control plugin installations, and do not enter sensitive information such as ID numbers, bank card numbers, or payment passwords into the agent unless strictly necessary. Since such applications may incur high token costs due to continuous API calls during operation, users should monitor this closely.

(2) Be highly alert to financial scams claiming “virtual shrimp farming,” “AI stock trading,” or “guaranteed profits.” All transfer and investment operations should be conducted through official channels, and do not allow anyone claiming to offer “installation on your behalf” or “remote debugging” to access personal devices.

(3) Financial institutions should avoid installing OpenClaw on devices involved in customer data processing, fund operations, risk control, or transaction execution, and refrain from inputting sensitive customer data, transaction information, or credit approval materials into the agent or connecting it to processing chains.

(4) Financial institutions should incorporate the security management of AI agents like OpenClaw into their overall information security framework, organize specialized security training for staff, and enhance their ability to identify and prevent risks associated with such applications.

China Internet Finance Association

March 15, 2026

This article is compiled by the China Internet Finance Association and edited by Zhitong Finance: Chen Wenfang.
