RE: LeoThread 2026-03-10 00-25

National Internet Emergency Response Center Issues OpenClaw Security App Risk Advisory

On March 10, the National Internet Emergency Response Center issued a security risk warning for the OpenClaw application. The app is granted high system privileges—including access to local file systems, reading environment variables, calling external service APIs, and installing extensions. However, its default weak security configuration creates a critical vulnerability: attackers who exploit a flaw can easily take full control of the affected system. Previously, improper installation and use of the OpenClaw agent have led to key security risks, such as: - Prompt Keyword Injection; - Misoperation risks; - Malicious function plugins (skills);