The first batch of OpenClaw victims has emerged! Four safety bottom lines to know before installation.

Recently, someone became so engrossed in OpenClaw that they completely ignored security issues.

This led to their credit card being fraudulently used, resulting in significant losses.

VNC is bare and anyone can log in, directly control the browser, log into Google accounts, and access linked credit cards; this isn't even considered hacking, it's simply a buffet.

Some have suffered from virus implants, with Apple devices hijacked and various cloud backup information on phones, computers, and tablets stolen directly:

OpenClaw has become popular, and hackers are celebrating as they finally have live targets.

So how can we safely use OpenClaw?

Today, I will outline some precautions here.

OpenClaw Malicious Installation Packages

Beware of fake websites, that’s right, counterfeit products have appeared right from the source.

These websites have UIs that are very similar to the official site, but there's no guarantee on what they install:

So, make sure to recognize the official OpenClaw website:

https://openclaw.ai/

Even one letter off makes a difference! Even one letter off makes a difference! Even one letter off makes a difference!

Some might wonder, what happens if one letter is off?

For example, here is the npm installation command from the official OpenClaw website:

The command line code for installing OpenClaw looks like this:

npm i -g openclaw.

If you come across something like this (do not run it, do not run it): npm i -g openclawai

You might think there’s no problem; after all, openclaw+ai seems reasonable together.

Then you would be deceived, and the result is, installing openclawai means you've deployed a Remote Access Trojan (RAT).

It can steal everything from your macOS without leaving a trace.

This is a malicious npm package named @openclaw-ai/openclawai recently discovered by the security research agency JFrog.

This package masquerades as the OpenClaw installer, directly implanting a virus, and 178 people have already fallen victim to it.

Furthermore, even more bizarrely, apart from direct installation of OpenClaw, there are even "USB installer's" popping up.

It claims that by just plugging the USB stick into the computer, it can automatically install OpenClaw for you.

I just want to ask: Do you really dare to purchase an unknown USB stick from an obscure source and then plug it into your computer filled with data, accounts, work documents, and even linked bank cards and various private information?

You might think you are buying an "installer", but no one knows if what’s inside is OpenClaw, or a trojan, backdoor, remote control, or even a complete unknown risk that can directly hand over your computer.

Remember that in earlier years, USB sticks were one of the main means of spreading computer viruses.

So, how can we safely use OpenClaw?

My advice is:

Either install it manually yourself.

The premise is that you need to understand some basic technology; you can find a tech-savvy blogger and follow their tutorial.

The criteria are that you need to know how to run a command line, check the netstat status, and be aware if executing a command exposes your service to the public internet.

Or use ready-made options directly.

For example, there’s Zhipu’s AutoClaw and Kimi’s Kimi Claw, which use a simple one-click launch method provided by domestic manufacturers.

AutoClaw installs and deploys locally, using their GLM-5 model:

Official website:

https://autoglm.zhipuai.cn/autoclaw/

Kimi Claw is deployed on the cloud, using their Kimi-k2.5 model:

Official website:

https://www.kimi.com/bot

Everyone can choose based on their preferences, but installation is only the first step; make sure to implement the following four points as early warnings.

Safe Practices for OpenClaw

First Suggestion: Absolutely do not use your personal computer.

Let me share something that happened yesterday; shortly after the release of 3.7, the development team launched 3.8 stable version yesterday afternoon.

In the update log for 3.8, there were actually over 12 security fixes.

This software has not been out for a year yet, and there are certainly many vulnerabilities that need fixing, and many of them are quite critical.

We can wait for it to optimize further since its permissions are very high.

After all, it can read your emails, browse your browser, and control your mouse and keyboard at any time.

Second Suggestion: Absolutely do not open your public ports.

A friend of mine created a public exposure self-check tool, which can directly search if your deployed OpenClaw is exposed to the internet.

https://openclaw.allegro.earth/

You can check it now.

The older version of OpenClaw has a default setting that many people ignore after installation:

It listens by default at 0.0.0.0:18789

This would allow your computer to be accessed by other devices on the local network, and if there's a public IP, the information could even be exposed directly to the public internet.

This is one of the reasons many companies strictly prohibit deploying OpenClaw, as most companies have public IPs.

If OpenClaw is deployed using the default settings, it's no different from leaving your front door wide open for anyone to come in.

To be honest, the first time I saw so many default configurations, I was taken aback and checked a few pages on the website, with domestic IPs like Tencent Cloud, Baidu Cloud, and Alibaba Cloud all using port 18789.

So I advise everyone to enable authentication, do not run naked, do not open your public ports!

Third Suggestion: Absolutely do not install unknown skills.

Many people after installing OpenClaw find that what it can do alone is not enough, and they need to install corresponding Skills for it to work.

Most know to look for these on the official website.

Some people let OpenClaw search online for Skills directly.

However, the Skills information found by OpenClaw online.

Is mostly uncontrolled, with sources coming from everywhere, and no one is vetting what’s actually in the Skills.

Even if you diligently go to the official Skill store Clawhub, it might not be safe either.

As of now, there are 18,931 Skills on Clawhub.

Even if you look at 100 a day, without eating or drinking, it would take half a year to finish.

The official team is also reviewing, and they have deleted a batch before, but large numbers of new Skills are uploaded daily, and the review simply cannot keep up.

Moreover, some Skill publishers might even use scripts to boost download numbers artificially.

You open a Skill, see it has 3000+ downloads, thinking so many people use it, it should be fine.

But you might not realize it could manipulate something subtle in the .md document.

It could secretly add a string of prerequisites disguised with a Base64 encoding to steal your password information.

Or directly embed backdoors in the code, or attack right from the dependencies.

At worst, it could install mining scripts on your computer, making it run crazy, using your CPU and GPU power to earn money for someone else.

At best, it could directly steal your large model API Key, then call it recklessly, draining your token balance entirely.

So absolutely, absolutely, absolutely do not install unknown skills.

Look, fans in the group have also started playing with memes; of course, this is just a meme and won't actually turn into red packets automatically, but massive token consumption can indeed happen.

Fourth Suggestion: Be sure to set a limit on the token consumption for installations to avoid wallet losses.

Of course, most people cannot directly control the consumption speed of Tokens in OpenClaw.

Because it charges a certain amount of Tokens for each call, OpenClaw does not impose limits.

It only focuses on doing its job, regardless of how much is spent is not within its purview.

If you don’t want to watch your balance evaporate, you need to set an upper limit for replenishing the API Key on the platform in advance, or choose a package that meets your needs to prevent excessive spending.

Additionally, besides the package limit, there’s another habit to develop: regularly check the Token consumption records.

Most platforms have call logs, and you can see the consumption situation daily or hourly.

If at any point, you notice an unusually high consumption spike that you don’t recall, such as a large number of calls suddenly at three in the morning, or a specific task's Token consumption is far higher than before.

Immediately pause the running task, then go to the platform to cancel or reset the API Key and later check which Skill triggered it.

Conclusion

Each suggestion above is backed by real painful cases; the Ministry of Industry and Information Technology had already issued a security warning in February of this year.

Perhaps it’s because our generation has become accustomed to giving away more and more permissions in exchange for convenience: mobile apps, cloud synchronization, automatic backups, but OpenClaw is different.

At this stage, the chaos around OpenClaw may lead to increasing cases of scams.

So before we use OpenClaw, we must take precautions.

Avoid a day where: improper use of OpenClaw leads to silent tears from loved ones.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。