Openclaw AI Goes Viral In China, Raising Cybersecurity Fears

“Hidden malicious instructions can be embedded in web pages to trick OpenClaw into executing them, potentially exposing system keys. Some plugins have also been identified as malicious or high-risk, and may steal credentials or carry out harmful actions once installed,” it said.

It warned that excessive permissions could allow attackers to seize control of systems and expose sensitive personal and financial data.

Large language models (LLMs) such as ChatGPT and DeepSeek can answer questions, write articles and suggest travel plans, but they act only when prompted. By contrast, an AI agent can connect a messenger (WhatsApp, Telegram or WeChat), an LLM, an email account, a storage device, and an e-wallet to operate on a schedule and execute tasks end-to-end, from brainstorming ideas to making payments, with minimal human input.

A year ago, Manus, developed by Beijing-based startup Butterfly Effect, emerged in China as an early example. Its AI platform can complete tasks in seconds, including planning trips, searching for overseas housing and analyzing financial statements.

Compared with Manus or other agentic AI platforms, OpenClaw offers two additional advantages. It can be downloaded to a personal computer and deployed locally for free, and its“lobsters” can automatically generate and test their own code to complete tasks through multiple approaches.

Some commentators say that using Manus is like renting a robot while OpenClaw is akin to owning and running the system yourself, with greater flexibility but also greater complexity and responsibility.

OpenClaw has gained rapid traction in China, with Tencent Cloud and Alibaba Cloud actively pushing adoption. On March 6, Tencent Cloud's engineers offered on-site“install and play” services in Shenzhen, helping hundreds of users open accounts on Tencent Cloud servers, deploy OpenClaw, configure models and connect messaging tools.

Initially, OpenClaw creator Peter Steinberger criticized Tencent for having copied content from the official ClawHub marketplace without coordination.

“They copy yet they don't support the project in any way,” he wrote on X. Tencent later became a sponsor via GitHub Sponsors on March 15, after which Steinberger signaled satisfaction with the support.

“The rise of 'lobsters' plays to Tencent's strengths in cloud and AI,” Tencent Chief Executive Pony Ma said at the company's annual results briefing on Wednesday.“By integrating agents with instant messaging apps, users no longer need to wait for responses. Tasks can run in the background, delivering a more 'human-like' experience that learns and adapts to individual preferences over time.”

He added that agentic AI represents a new deployment model, opening fresh opportunities across Tencent's ecosystem. He said the approach is also shaping the company's plans for WeChat AI, where mini software programs could undergo“lobsterization” and become increasingly intelligent, extending automation across a wide range of services.

Scientists broadly describe AI development in stages, from static LLMs to generative AI (creating songs and videos), and now to early agentic systems that can plan and act with tools. More advanced systems are expected to add memory and enable agent-to-agent collaboration, while artificial general intelligence (AGI) remains a longer-term goal toward which AI systems can work, aiming to operate like humans.

Today's systems are still in the early agentic phase. Users must decide how much access to grant, such as emails, documents and e-wallets, while recognizing that greater autonomy also brings higher cybersecurity risks.

In Europe, AI governance has taken shape through the EU AI Act, adopted in May 2024, which sets out responsibilities and penalties for AI providers and users. China has yet to introduce comparable rules, and authorities have told government bodies, state firms and schools to avoid installing“lobsters.”