夜雨聆风Agency warns of security risks in AI tool OpenClaw due to vulnerabilities
OpenClaw is an autonomous, open-source AI agent that leverages large language models to perform everyday tasks. Its curious red lobster logo has led Chinese users to playfully refer to it as the "AI lobster".
The release said OpenClaw is designed to directly operate computers via natural-language instructions, noting that to enable its autonomous task execution, the agent is granted relatively high system privileges.
However, the release warned that because OpenClaw's default security configuration is "extremely fragile", once attackers find a point of entry, they can easily gain full control of the system.
The team said some serious security risks have already emerged due to the improper installation and use of Open-Claw. For example, multiple medium — and high-risk vulnerabilities in OpenClaw have already been publicly disclosed, which could be maliciously exploited, leading to serious consequences such as system takeover and the leakage of private information and sensitive data.
OpenClaw 是一款自主运行的开源 AI 代理,依托大语言模型执行日常任务。其醒目的红色龙虾标志,让中国用户戏称它为 “AI 龙虾”。
公告称,OpenClaw 可通过自然语言指令直接操控计算机;为实现自主执行任务,该 AI 代理被赋予了较高的系统权限。
但公告同时警告,由于 OpenClaw 的默认安全配置 “极为脆弱”,一旦攻击者找到入侵入口,便可轻易获取系统的完全控制权。
该团队表示,因 OpenClaw 安装与使用不当,已出现部分严重安全隐患。例如,OpenClaw 已被公开披露多个中高危漏洞,这些漏洞若遭恶意利用,可能引发系统被接管、个人隐私及敏感数据泄露等严重后果。
来源:CHINADAILY
今日生词
vulnerabilities 漏洞
security risks 安全风险
privileges 权限