凤凰科技 2026-03-10

OpenClaw granted excessive permissions and multiple vulnerabilities exposed; National Internet Emergency Center (国家互联网应急中心) issues alert

Alert and immediate concern

ifeng reports that the National Internet Emergency Center (国家互联网应急中心) has issued a security alert after multiple vulnerabilities and instances of excessive permission grants were found in OpenClaw. The notice warns that some deployments and companion tools request broad system privileges, increasing the attack surface for local and network attacks. Who is affected? Everyone running OpenClaw instances locally or via third‑party installers.

Technical and user risks

Details in the report are limited, but the core concern is clear: overly permissive access plus unpatched flaws can enable privilege escalation, data exposure or remote manipulation of local services. Reportedly, a wave of user‑friendly wrappers and one‑click installers, which aim to remove command‑line setup pain, has proliferated in the ecosystem and may compound the problem by requesting elevated rights on macOS and Windows. Users and administrators are advised to audit installed components, revoke unnecessary permissions and follow official patch guidance where available.

Context and implications

This episode comes as China accelerates domestic AI and tooling development amid tighter global controls on advanced compute and software supply chains. The NIEC alert underscores that growth in local AI ecosystems brings not just capability but also new security responsibilities for developers, vendors and individual users. It has been reported that authorities expect faster disclosure and remediation cycles; in the meantime, cautious deployment and stricter permission hygiene are the pragmatic responses.
