Particle.news
Download on the App Store

China Warns of OpenClaw Security Risks as Big Tech Ramps Up Free Install Campaigns

Officials urge immediate hardening after findings of widespread exposure, weak defaults, malicious plugins.

Overview

  • The National Cybersecurity Reporting Center issued a formal alert citing more than 200,000 internet‑exposed OpenClaw assets worldwide, about 23,000 in China, with insecure defaults such as 0.0.0.0 binding, no authentication, plaintext secrets, 258 disclosed vulnerabilities and 10.8% of analyzed plugins containing malicious code.
  • Mitigation guidance calls for prompt upgrades, local or intranet‑only operation, restricted ports, authenticated reverse proxies with IP allowlists and HTTPS, cautious third‑party plugin installation, strong password policies and tight execution permission limits for agents.
  • Tencent announced a nationwide free installation tour from March 14 to April 25 across 17 cities, offering on‑site deployment, model configuration and skills setup, plus a campus program with OpenClaw classes and hands‑on training.
  • Lenovo will provide no‑cost OpenClaw deployment starting March 16 via one‑click online setup or in‑store installation at more than 2,000 outlets, with daily reservation limits for on‑site service.
  • Chinese universities began prohibiting campus use with uninstall deadlines and enforcement measures, while Huggingface’s CEO predicted the OpenClaw surge will fade within six weeks despite ongoing vendor promotions.