"Lobster" AI agent still poses security risks after update, experts' latest warning

Recently, the open-source AI agent OpenClaw (commonly known as “Lobster”) has become extremely popular. Experts from the China Academy of Information and Communications Technology have once again reminded that although the “Lobster” agent has been updated to the latest version to fix known security vulnerabilities, this does not mean that security risks are completely eliminated. Previously, the Cybersecurity Threats and Vulnerabilities Information Sharing Platform of the Ministry of Industry and Information Technology had issued related security risk alerts.

The open-source AI agent tool OpenClaw, nicknamed “Lobster” because of its red lobster icon, integrates communication software and large language models to autonomously perform complex tasks such as file management, email sending and receiving, and data processing on users’ computers.

Experts point out that since the appearance of “Lobster,” it has attracted widespread attention from China’s industry and users. Many have actively applied it, promoting the prosperity of China’s AI agent ecosystem. However, it is also important to recognize that the powerful execution capabilities of “Lobster” pose serious security challenges. On February 5, the Cybersecurity Threats and Vulnerabilities Information Sharing Platform issued a warning about the security risks of OpenClaw, offering some preventive suggestions.

Currently, updating “Lobster” to the official latest version can indeed fix known security vulnerabilities, but it does not mean that all security risks are eliminated. “Lobster” features autonomous decision-making and system resource calls. Coupled with fuzzy trust boundaries and a lack of strict review in the skill package market, there are many potential risks. For example, when calling large language models, it may misinterpret user instructions, leading to harmful actions such as deletion. Using skill packages embedded with malicious code could result in data leaks or system control. Configuration issues such as exposing instances to the internet, using administrator privileges, or storing keys in plaintext mean that even with the latest version, without targeted preventive measures, there remains a risk of attack. Cybersecurity is constantly evolving, and hacker techniques are continually iterating. Relying solely on “patching” and “upgrading” is not a foolproof security solution.

Experts urge government agencies, enterprises, institutions, and individual users to exercise caution when using “Lobster” and similar AI agents. When security vulnerabilities or threats and attacks related to “Lobster” are discovered, they should promptly report to the Cybersecurity Threats and Vulnerabilities Information Sharing Platform of the Ministry of Industry and Information Technology. The platform will organize handling according to the “Regulations on the Management of Network Product Security Vulnerabilities.”

Safe use of any network product requires not only timely updates but also adherence to the principles of “least privilege, proactive defense, and continuous auditing.” Experts recommend the following measures for secure use of “Lobster”:

First, use the official latest version. When deploying, prioritize downloading the latest stable version from official channels and enable automatic update notifications. Back up data before upgrading, restart services after upgrading, and verify that patches are effective. Do not use third-party images or outdated versions.

Second, strictly control internet exposure. Never expose “Lobster” instances to the public internet, restrict access sources, and use strong passwords, certificates, or hardware keys for authentication.

Third, adhere to the principle of least privilege. During deployment, do not use administrator accounts; only grant the minimum permissions necessary to complete tasks. For critical operations such as deleting files, sending data, or modifying system configurations, implement secondary confirmation or manual approval.

Fourth, exercise caution with the skill market. ClawHub is a community platform providing skill packages for “Lobster” users. These packages may contain malicious injections. It is recommended to download carefully, review the code before installation, and refuse any skill packages that request “download zip,” “execute shell scripts,” or “input passwords.”

Fifth, prevent social engineering attacks and browser hijacking. Avoid visiting unknown websites and refrain from clicking on unfamiliar links. Use web filtering extensions to block suspicious scripts, enable rate limiting and log auditing for OpenClaw, and immediately disconnect from the network and reset passwords if suspicious behavior is detected.

Sixth, establish a long-term protection mechanism. Enable detailed log auditing, regularly check and patch vulnerabilities. Government agencies, enterprises, institutions, and individual users should combine cybersecurity tools and mainstream antivirus software for real-time protection. Keep up-to-date with official security alerts for OpenClaw and risk warnings from platforms like the Cybersecurity Threats and Vulnerabilities Information Sharing Platform, and promptly address potential security risks.

Users of “Lobster” and similar AI agents must thoroughly understand and implement security configuration standards and develop safe usage habits.

(Source: CCTV News)