Loading...
About this Episode
China's top cyber emergency response agency on Tuesday evening issued a risk alert over the "extremely fragile" default security configurations of Open-Claw, the viral artificial intelligence agent software.
国家互联网应急中心3月10日晚发布预警,提示近期爆火的人工智能代理软件OpenClaw默认安全配置"极为脆弱",存在较大安全风险。
In a release, the National Computer Network Emergency Response Technical Team said OpenClaw has recently seen surging downloads and usage, with major domestic cloud platforms all offering one-click deployment services.
预警指出,近期OpenClaw应用下载与使用情况火爆,国内主流云平台均提供了一键部署服务。
OpenClaw is an autonomous, open-source AI agent that leverages large language models to perform everyday tasks. Its curious red lobster logo has led Chinese users to playfully refer to it as the "AI lobster".
OpenClaw是一款开源人工智能体软件,可利用大语言模型执行日常任务。由于该软件的Logo是一个红色龙虾,中国用户也戏称它为"AI龙虾"。
The release said OpenClaw is designed to directly operate computers via natural-language instructions, noting that to enable its autonomous task execution, the agent is granted relatively high system privileges. That includes access to local file systems, the ability to call external service application programming interfaces, and permission to install extensions.
预警显示,OpenClaw的设计理念是依据自然语言指令直接操控计算机完成相关操作。为实现“自主执行任务”的能力,该应用被授予了较高的系统权限,包括访问本地文件系统、调用外部服务应用程序编程接口(API)以及安装扩展功能等。
However, the release warned that because OpenClaw's default security configuration is "extremely fragile", once attackers find a point of entry, they can easily gain full control of the system.
然而,由于其默认的安全配置极为脆弱,攻击者一旦发现突破口,便能轻易获取系统的完全控制权。
The team said some serious security risks have already emerged due to the improper installation and use of Open-Claw. For example, multiple medium — and high-risk vulnerabilities in OpenClaw have already been publicly disclosed, which could be maliciously exploited, leading to serious consequences such as system takeover and the leakage of private information and sensitive data.
国家互联网应急中心称,由于OpenClaw智能体的不当安装和使用,已经出现了一些严重的安全风险。例如,OpenClaw已经公开曝出多个高中危漏洞,一旦这些漏洞被网络攻击者恶意利用,则可能导致系统被控、隐私信息和敏感数据泄露的严重后果。
In addition, cyber attackers can embed hidden malicious instructions in a webpage and induce OpenClaw to read it, which may trick the agent into exposing system keys on a user's device, the release said.
此外,网络攻击者通过在网页中构造隐藏的恶意指令,诱导OpenClaw读取该网页,就可能导致其被诱导将用户系统密钥泄露。
The agency advised institutions and individual users to take security precautions when deploying and using OpenClaw, including strengthening network controls, strictly managing plugin sources, and closely following patches and security updates.
国家互联网应急中心建议相关单位和用户在使用OpenClaw时强化网络控制、严格管理插件来源、持续关注补丁和安全更新,切实采取安全防护措施。
cloud platform /klaʊd ˈplætfɔːm/云平台
one-click deployment /wʌn klɪk dɪˈplɔɪmənt/一键部署
leverage /ˈlevərɪdʒ/利用
large language model /lɑːdʒ ˈlæŋɡwɪdʒ ˈmɒdl/大语言模型
malicious instruction /məˈlɪʃəs ɪnˈstrʌkʃn/恶意指令
Hosts & Guests
No transcript available for this episode.
