The National Internet Emergency Center issued a security application risk alert for OpenClaw

The National Internet Emergency Center has issued a security risk alert for the OpenClaw application. Previously, due to improper installation and use of the OpenClaw agent, some serious security risks have emerged. It is recommended that relevant organizations and individual users take the following security measures when deploying and using OpenClaw:

1. Strengthen network control by not exposing the default management port of OpenClaw directly to the public internet. Implement security management for access services through identity authentication, access control, and other security measures. Strictly isolate the operating environment and use technologies such as containers to limit the excessive permissions of OpenClaw;

2. Enhance credential management by avoiding storing keys in plaintext in environment variables; establish a complete operational log audit mechanism;

3. Strictly manage the sources of plugins, disable the automatic update feature, and only install signed extensions from trusted channels;

4. Continuously monitor patches and security updates, and promptly perform version updates and install security patches.