Particle.news

CNCERT Warns on OpenClaw Security Risks as Researchers Detail Link‑Preview Data Exfiltration

Authorities move to restrict use on government systems, citing high‑privilege access with weak defaults.

Overview

  • CNCERT cautioned that OpenClaw’s default configurations and broad system privileges can let attackers seize control through techniques including indirect prompt injection.
  • PromptArmor demonstrated that messaging‑app link previews can be manipulated to exfiltrate sensitive data immediately when an agent replies, without any user clicks.
  • The advisory also flagged risks of irreversible data deletion from misinterpreted instructions, malicious skills uploaded to public repositories, and exploitation of recently disclosed vulnerabilities.
  • Bloomberg reported that Chinese authorities are restricting OpenClaw on state‑run enterprise and government computers, with the ban said to extend to families of military personnel.
  • Huntress observed threat actors pushing fake OpenClaw installers on GitHub that delivered Atomic and Vidar stealers and a GhostSocks proxy, boosted by a top Bing AI search result, and defenders were urged to isolate services, close default ports, and keep agents updated.