Original Source

The AI agent 'OpenClaw' is gaining popularity, but experts warn of three security risks: excessive permissions, data breaches, and system intrusion, urging caution during use.

How 'OpenClaw' Works and Its Applications

The artificial intelligence (AI) agent known as 'OpenClaw,' or 'Lobster,' is attracting attention as an assistant for various tasks. Wang Shuai, an associate professor in the Department of Computer Science at the Hong Kong University of Science and Technology, explained that OpenClaw utilizes an AI model as its 'brain' and a search engine as its 'hands and feet,' allowing users to install 'skills' to expand its capabilities. OpenClaw can be applied in diverse areas such as data exploration, computer file processing, monitoring online shopping prices, stock analysis, and even company formation. It can also be operated via Telegram chat.

Key Security Risks of 'OpenClaw'

Professor Wang Shuai highlighted three primary security risks when using OpenClaw. First, there is a risk of data leakage as information is transmitted to remote AI models. Second, OpenClaw possesses high access privileges to the user's computer, potentially leading to incorrect software installations or accidental data deletions. To mitigate this, selecting high-quality AI models is recommended. Third, 'skills' are currently provided by third parties with insufficient oversight, so users should check the security ratings of these skills and proceed with caution. Professor Wang Shuai also suggested that using 'sandbox' technology could help reduce these risks.

*Source: 明報新聞網 (2026-03-20)*

Related Articles