← Back to stories A bird's eye view of fish farming cages in the clear waters of the Adriatic Sea.
Photo by DeLuca G on Pexels
IT之家 2026-03-08

China’s CCTV warns of risky OpenClaw AI deployments as “lobster farming” craze spreads

Regulatory warning

China’s state broadcaster CCTV (央视新闻) amplified a security alert that some instances of OpenClaw—an open-source autonomous agent also known online as “the lobster” (龙虾)—carry high risks under default or improper configurations. The warning cites findings from the Ministry of Industry and Information Technology’s (工业和信息化部, MIIT) Cybersecurity Threat and Vulnerability Information Sharing Platform, which reportedly observed exposures that could trigger network attacks and data leaks. The timing is notable: OpenClaw (previously Clawdbot and Moltbot) has gone viral in China for “proactive automation,” with users boasting of “lobster farming” as they spin up multiple agents to clear inboxes, book services, and manage calendars—without explicit prompts.

Risks and mitigations

Regulators flagged “blurred trust boundaries” during deployment and the agent’s ability to run continuously, make autonomous decisions, and call system and external resources. The concern: in the absence of robust permission controls, audit mechanisms, and hardening, OpenClaw could be induced by crafted instructions, misconfigurations, or outright takeover to perform over-privileged actions—leading to information leakage or full system compromise. Authorities advise developers and organizations to minimize public exposure, review permissions and credential management, disable unnecessary external access, strengthen authentication and access control, encrypt data, enable security auditing, and monitor official advisories. What could go wrong when an always-on agent can book services, read email, and execute system commands?

A growing target for attackers

Security risks are not theoretical. IT Home (IT之家) noted that 1Password said its security team observed attackers abusing OpenClaw “Skills” files—Markdown guides intended to teach new tasks—to distribute and plant malware on macOS. By disguising malicious payloads as legitimate integration tutorials, adversaries exploit the plug-in–like extensibility that makes such agents powerful in the first place.

Why it matters

For Western readers, CCTV is China’s dominant state broadcaster and MIIT is the country’s principal tech and industrial regulator; when they spotlight a risk, enterprises tend to take notice. The episode underscores a broader, global tension: DIY autonomous agents are sprinting ahead of enterprise-grade security practices. In China—where cybersecurity, data protection, and AI oversight have tightened in recent years—the message is clear. Viral or not, agents that act without humans in the loop must ship with hardened defaults and operate within strict, observable trust boundaries.

AISmartphones
View original source →