Recently, I helped quite a few people install OpenClaw and noticed a lot of online discussion about security. The MIIT (Ministry of Industry and Information Technology) issued security warnings, someone leaked reports of vulnerabilities, and others claimed they suffered losses. I want to break down a few interesting points worth discussing here.
No Software Is Secure
OpenClaw does have security issues. An open-source project born less than three months ago with the fastest global user growth rate will inevitably attract malicious actors. Windows and Linux were the same in their early days—the more users, the more attention from bad actors.
But when it comes to vulnerabilities, the key is patching speed.
You Might Not Know How Fast It Updates
When I helped people install it, I noticed something: three days ago it was version 2026.3.2, the day before yesterday it became 2026.3.7, and yesterday it became 2026.3.8. The differences between each version are quite substantial.
When OpenClaw's founder surpassed React and Linux in GitHub stars, he posted something to the effect of: React and Linux support half the internet—we're just a little lobster, but we shipped 90 new commits yesterday. They hold anniversary conferences to celebrate; we iterate intensely every single day.
The official team is patching, attackers are also finding entry points, and both sides are accelerating.
Wrapper Products Are the Real Danger
Understanding this velocity explains why wrapper products are dangerous.
Many products on the market simply package a specific version of OpenClaw and sell it. However, each official upgrade may adjust the underlying architecture, and wrapper products that hold on one version to stay stable cannot keep up. This effectively fossilizes all known vulnerabilities of that specific version.
You might be using a Windows XP that never receives patches. All newly discovered vulnerabilities fully apply to you. If you genuinely care about security, first check whether you're using a wrapper product.
The Model Is the Goalkeeper
There's another easily overlooked factor: the model you connect determines the security ceiling.
OpenClaw is an AI agent; the model serves as the goalkeeper in the middle. If you connect a cheap, weak model to save money, it becomes particularly susceptible to prompt injection: it leaks everything and gives away whatever is requested.
With a stronger model, it can recognize malicious instructions and reject suspicious requests. With a weak model, the door is wide open.
But What About You?
After discussing the Little Lobster's security, ask yourself: How many of your passwords are 123456 or your name? Do you use the same password across different websites? Does your home WiFi use certificates and keys? Can just anyone deploy to your company's production servers?
Attack capabilities in the AI era have fundamentally changed. Previously, Anthropic developed a security-oriented agent for penetration testing—it picked a random system and uncovered dozens of critical vulnerabilities. Most current system defenses don't even involve agents yet; they are inherently fragile.
The Little Lobster isn't secure? Your other systems might be even less secure.
What Do You Actually Have on Your Computer?
Many people are anxious about security, but think about it calmly: what valuable things do you actually have on your computer?
Bank card passwords stored on your computer? Unlikely. What's actually stealable is probably just an account worth 30 yuan per month.
Conversely, things that many people haven't paid attention to are more worth considering: uploading your own face to text-to-video models means directly handing over your personal digital identity. Your face being used by others to generate videos versus a 30-yuan account being stolen—which is more serious? Many people don't actually care about the former.
What You Should Actually Do
Rather than succumbing to anxiety, do a few practical things.
Find an old computer or a cheap small server, dedicated to running OpenClaw. It should contain no important data—if hackers breach it, they find nothing and can do nothing. This machine continuously works for you, but your most critical data isn't on it. Physical isolation is the most rudimentary yet effective measure. Don't deploy it on the most important machine in your work or personal life. Beyond security risks, it also consumes your computing resources; your computer will lag, which is a very practical concern.
Then keep synchronized with official updates. OpenClaw changes by the day—if you remain on one version without updating for two weeks, you're already behind. The value of this may be greater than you think.
Regarding models, if conditions permit, invest a bit more.
My Assessment
For most ordinary people, OpenClaw doesn't actually have much that can be stolen, yet it can continuously help you get work done. Being too worried about security to dare use it—I think that's rather a pity.
Of course, if you have substantial assets and are sensitive to security, then spend more money, buy a separate device, implement proper physical isolation, and use a better model. These investments are trivial compared to what you're protecting.
Start using it, and protect what needs protecting.
Originally published at https://guanjiawei.ai/en/blog/openclaw-security