China’s cybersecurity authorities and the China Internet Finance Association warned that exposed OpenClaw deployments and excessive system privileges could increase risks of data leakage, illegal transaction control, and high API-related costs.
China’s National Cyber and Information Security Notification Center said the number of active OpenClaw internet assets worldwide exceeded 200,000, including about 23,000 in China, with domestic assets concentrated in Beijing, Shanghai, Guangdong, Zhejiang, Sichuan, and Jiangsu. The agency warned that internet-exposed OpenClaw agents could lose control, steal data, or enable device takeover. In a related warning, the China Internet Finance Association said OpenClaw’s high system privileges and weak security settings could expose sensitive data and allow illegal transaction control. It urged users not to grant OpenClaw permissions to financial systems, to track vulnerability patches, and to watch for potentially high token costs caused by continuous large-model API calls.