--- title: "China issues new safety rules for OpenClaw. Here are the dos and don’ts" type: "News" locale: "en" url: "https://longbridge.com/en/news/278837384.md" description: "China's Ministry of Industry and Information Technology has issued new safety guidelines for the AI agent OpenClaw, developed with input from various stakeholders. The guidelines recommend practices such as using the latest version, minimizing internet exposure, and being cautious with third-party offerings. Users are warned against outdated versions and excessive permissions that could lead to security risks. This follows a previous warning about potential vulnerabilities, including prompt injection attacks. OpenClaw, acquired by OpenAI, has gained popularity, prompting local firms and governments to support its adoption." datetime: "2026-03-12T07:23:56.000Z" locales: - [zh-CN](https://longbridge.com/zh-CN/news/278837384.md) - [en](https://longbridge.com/en/news/278837384.md) - [zh-HK](https://longbridge.com/zh-HK/news/278837384.md) --- # China issues new safety rules for OpenClaw. Here are the dos and don’ts A unit of China’s Ministry of Industry and Information Technology (MIIT) has issued guidelines on best practices and prohibitions for adopting and using OpenClaw, the popular artificial intelligence agent that continues to dominate the market. The advisory, developed in collaboration with AI agent providers, vulnerability platform operators and cybersecurity firms, aims to address risks in typical use cases of “lobster”, OpenClaw’s mascot, according to a Wednesday statement from the MIIT-run National Vulnerability DataBase (NVDB). The guidelines recommend six practices: use the official latest version, minimise internet exposure, grant only the minimum permissions necessary, exercise caution when using the skill market filled with third-party offerings, guard against browser hijacking, and regularly check for patch vulnerabilities. By contrast, users are warned against using outdated or third-party mirror versions of OpenClaw, exposing AI agent instances to the internet, enabling administrator accounts during deployment, installing skill packs that require entering passwords, browsing unverified websites, and disabling detailed log auditing functions. The NVDB also provided instructions on restricting internet access, scanning files and uninstalling the software. It highlighted scenarios where risks may arise, such as connecting instant messaging apps to OpenClaw, which could grant “excessive permissions that enable malicious reading, writing or deletion of any files”. This marks the second warning from the NVDB, which in February cautioned that improper handling of the agent could expose users to high-level security risks. China’s cybersecurity circle has stepped up oversight of the open-source technology. On Tuesday, the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) said OpenClaw could be vulnerable to threats including “prompt injection”, in which attackers embed hidden malicious instructions in webpages that could trick the software into leaking system keys. CNCERT is a non-governmental and non-profit cybersecurity technical platform. Released by Austrian developer Peter Steinberger late last year, OpenClaw – formerly known as Clawdbot and Moltbot – has gained global traction for its ability to perform tasks on a user’s behalf, such as organising and responding to emails, drafting work reports and preparing slide decks. It was acquired by OpenAI last month, sparking worldwide hype. Chinese firms including Alibaba Group Holding, Tencent Holdings and ByteDance have quickly embraced the trend, rolling out their own versions of OpenClaw for easier or cheaper adoption. Local governments in Shenzhen in the southern province of Guangdong as well as Nanjing and Wuxi in eastern Jiangsu province have also drafted supportive policies for the software. ### Related Stocks - [OpenAI.NA](https://longbridge.com/en/quote/OpenAI.NA.md) ## Related News & Research - [OpenAI’s Sam Altman Apologizes for Failing to Alert Police Before Deadly Tumbler Ridge Shooting-But Is ChatGPT Really To Blame For This Tragedy?](https://longbridge.com/en/news/284320025.md) - [SpaceX, OpenAI, Anthropic: The AI mega‑IPO trio set to reshape the S&P 500](https://longbridge.com/en/news/284273316.md) - [Why is OpenAI missing targets even as AI investment hits record highs?](https://longbridge.com/en/news/284310128.md) - [OpenAI Debuts GPT-5.5 Claiming Agentic Coding and Research Gains](https://longbridge.com/en/news/284002977.md) - [OpenAI now lets you screenshot your privacy in the foot](https://longbridge.com/en/news/283874766.md)