OpenClaw "龙虾" frenzy exposes security and cost risks as regulators sound alarms
Viral install rush — and rapid buyer's remorse
OpenClaw — popularly nicknamed "龙虾" — has become the latest AI status symbol in China, with deployment screenshots flooding social feeds and the hardware it runs best on, Mac mini, reportedly selling out across e‑commerce platforms. It has been reported that local governments in Shenzhen, Foshan, Changshu, Wuxi and Hefei even issued encouragement policies for "raising lobsters" (养龙虾) to ride the wave. But what began as a FOMO‑driven scramble to demonstrate technical cachet is producing fast buyer's remorse: on‑site uninstall services at roughly RMB 299 and widely circulated "龙虾卸载指南" are now part of the ecosystem.
Security, runaway bills and exposed instances
The enthusiasm has collided with hard technical realities. It has been reported that a Shenzhen programmer received a midnight token bill of RMB 12,000 after an API key was stolen and OpenClaw’s high‑automation permissions allowed unchecked model calls. Shodan monitoring reportedly shows over a hundred thousand OpenClaw instances exposed to the public internet with weak or no authentication, and claims circulate that about 12% of certain skill packages in third‑party plugin markets were laced with malware to steal SSH keys and browser passwords. For Western readers: unlike simple chatbots, OpenClaw is an "AI agent" that reads pages, runs tools and performs multi‑round interactions — which multiplies API token consumption and therefore cost.
Market winners, corporate bans and official warnings
Cloud providers and model vendors have benefited: it has been reported that MiniMax’s recurring revenue surged past US$150 million in a short period as model calls spiked, and rivals such as ByteDance (字节跳动), Tencent Cloud (腾讯云) and Alibaba (阿里巴巴) are racing to host agent workloads. At the same time, some multinational tech employers have banned OpenClaw on corporate devices to prevent leaks. Beijing regulators have not stayed silent: the Ministry of Industry and Information Technology and the National Internet Emergency Response Center have issued advisories about default configurations that could allow system takeover, urging stronger network controls, credential management, plugin vetting and patching.
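The failure modes described above (an instance listening on the public internet with weak or no authentication, plugins pulled from an unvetted marketplace, and a stolen API key driving unbounded model calls) and the regulators' advice (network controls, credential management, plugin vetting, spend limits) can be turned into a concrete pre-deployment check. The following is an added example written for this article; it is not OpenClaw's own code, and every configuration key, the sample configs and the hash values are hypothetical and constructed for illustration. It audits a deployment's settings against those failure modes and shows a per-day token budget that refuses model calls once the cap is exhausted, so a leaked key cannot run up an unbounded bill.

```python
"""Defensive audit of a hypothetical agent deployment config plus a token budget.

Added example, not OpenClaw code. All config keys are assumed, not documented ones.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

MIN_TOKEN_LEN = 32  # assumed minimum length for a shared bearer secret


def audit_config(cfg: dict) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings: list[str] = []

    # 1. Network exposure: anything not bound to loopback is reachable by others.
    #    Assumed default of "0.0.0.0" mirrors the "exposed by default" problem.
    bind = cfg.get("bind_address", "0.0.0.0")
    try:
        if not ipaddress.ip_address(bind).is_loopback:
            findings.append(f"bind_address {bind}: listens beyond localhost; "
                            "front it with a VPN or authenticated reverse proxy")
    except ValueError:
        findings.append(f"bind_address {bind!r}: not an IP literal, cannot assess exposure")

    # 2. Credential management: auth must be on and the secret non-trivial.
    auth = cfg.get("auth", {})
    if not auth.get("enabled", False):
        findings.append("auth disabled: any client on the network can drive the agent")
    elif len(auth.get("token", "")) < MIN_TOKEN_LEN:
        findings.append(f"auth token shorter than {MIN_TOKEN_LEN} chars: too weak")

    # 3. Plugin vetting: every installed plugin must be on an allowlist with a pinned hash.
    allowlist = cfg.get("plugin_allowlist", {})
    for plugin in cfg.get("plugins", []):
        name, digest = plugin.get("name"), plugin.get("sha256")
        if name not in allowlist:
            findings.append(f"plugin {name}: not on the vetted allowlist")
        elif allowlist[name] != digest:
            findings.append(f"plugin {name}: hash differs from the vetted build")

    # 4. Cost control: a daily cap bounds the damage from a stolen API key.
    cap = cfg.get("daily_token_cap")
    if not isinstance(cap, int) or cap <= 0:
        findings.append("daily_token_cap missing: a leaked key can spend without limit")
    return findings


@dataclass
class TokenBudget:
    """Per-day token budget enforced before each model call is made."""
    daily_cap: int
    used: dict[str, int] = field(default_factory=dict)  # day -> tokens spent

    def charge(self, day: str, tokens: int) -> bool:
        """Reserve tokens for a call; False means the call must be refused."""
        spent = self.used.get(day, 0)
        if spent + tokens > self.daily_cap:
            return False
        self.used[day] = spent + tokens
        return True


# Constructed sample configs (hypothetical keys and placeholder hashes).
RISKY_CONFIG = {
    "bind_address": "0.0.0.0",
    "auth": {"enabled": False},
    "plugins": [{"name": "mail-helper", "sha256": "PLACEHOLDER_HASH_A"},
                {"name": "shell-tools", "sha256": "PLACEHOLDER_HASH_B"}],
}

HARDENED_CONFIG = {
    "bind_address": "127.0.0.1",
    "auth": {"enabled": True, "token": "x" * 40},
    "plugin_allowlist": {"mail-helper": "PLACEHOLDER_HASH_A"},
    "plugins": [{"name": "mail-helper", "sha256": "PLACEHOLDER_HASH_A"}],
    "daily_token_cap": 200_000,
}

if __name__ == "__main__":
    for label, cfg in (("risky", RISKY_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}]")
        for f in audit_config(cfg) or ["no findings"]:
            print("  -", f)
    budget = TokenBudget(daily_cap=1000)
    print("call 1 allowed:", budget.charge("2024-01-01", 600))
    print("call 2 allowed:", budget.charge("2024-01-01", 500))  # over cap, refused
```

The audit is deliberately conservative: it flags any non-loopback bind rather than trying to judge whether a LAN address is "safe", because the article's exposed instances were precisely those an operator assumed nobody else could reach. The budget check belongs in front of the model client, not in a monitoring dashboard, so the refusal happens before the tokens are spent.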
Beyond hype: productivity tool or collective delusion?
OpenClaw illustrates a broader tension in China’s fast‑moving AI scene: the tool demonstrates impressive automation — coding, scheduling, mail handling — but most new users lack the expertise to configure and harden environments, and many deployments are driven by social signaling rather than real workflows. So who profits? The "shovel sellers" — installers, consultants, and now uninstallation services — already have. The tech lesson is plain: enthusiasm for adoption must be matched with security hygiene and cost awareness. Uninstall or not — that's a decision users must make with eyes open, not under the glare of a trending screenshot.
