China Internet Finance Association publishes risk tips on the use of the OpenClaw agent in financial scenarios

March 16 news: yesterday, the China Internet Finance Association published risk tips on the safe application of OpenClaw in Internet finance.

The China Internet Finance Association warns that while the OpenClaw agent improves work efficiency, its default high system privileges and weak security configuration are easily exploited by attackers and can become an entry point for the theft of sensitive data or the illegal manipulation of transactions, posing serious risk challenges for the industry.

The China Internet Finance Association recommends that financial consumers take extreme care before installing OpenClaw on terminals used for personal financial operations such as online banking, securities transactions and payments. If installation is necessary, it is recommended not to grant the agent operating privileges over financial-service systems, to follow up on OpenClaw vulnerabilities in a timely manner, to be strict about which functionality plugins are installed, and not to enter sensitive information such as ID numbers, bank card numbers or payment codes while using it. In addition, the continuous calls to large-model interfaces made while such applications run may result in high token costs, and users are advised to pay close attention.

The full text of the 1AI attachment follows:

Recently, the open-source AI agent OpenClaw ("crawfish"), which by default obtains high system privileges so that it can directly operate terminals such as computers according to natural-language commands, has continued to grow in use and popularity. The Ministry of Industry and Information Technology's Cybersecurity Threat and Vulnerability Information Sharing Platform (NVDB) and the National Internet Emergency Response Centre (CNCERT) have recently issued security risk alerts. At present, the Internet finance industry is highly digitized and directly processes key sensitive information such as clients' funds, assets, accounts and personal financial data. While the OpenClaw agent improves work efficiency, its default high system privileges and weak security configuration are easily exploited by attackers and can become an entry point for the theft of sensitive data or the illegal manipulation of transactions, posing serious risk challenges for the industry. In response, the China Internet Finance Association (CIFI) is now issuing the following risk tips:

Main risk manifestations

(i) Risk of financial loss

OpenClaw has multiple publicly disclosed high- and medium-risk vulnerabilities that attackers can use to gain control of the device, for example through prompt injection. In addition, its commonly used functionality plugins (Skills) lack an effective community security review mechanism, and there have been several cases of malicious plugin poisoning. In the financial context, these risks may lead to the loss of customers' funds: sensitive financial information such as online banking passwords, payment keys and securities trading API credentials is stolen and then used to access online banking, securities trading systems and the like.

(ii) Transaction risk

The OpenClaw agent can carry out multi-step operations on its own, and users already apply it to financial scenarios such as stock monitoring and investment strategy feedback. The automated execution process may cause actual losses through erroneous fund transfers or purchases of investment products. At present, artificial intelligence techniques are not fully interpretable, it is difficult to identify who is responsible for automatically executed financial transactions, and there is considerable uncertainty about the relevant legal liability.

(iii) Data compliance risk

The OpenClaw agent has a persistent memory function: data generated during operation is continuously stored in local session records and memory files, and may be transmitted to a third party when the agent calls a large-model API or performs other operations. Internet finance scenarios involve highly sensitive data, such as credit reporting data, credit approval materials and transaction records. Once entered into the AI processing chain, this data may be accessed and retained beyond the scope and life cycle necessary for the original business purpose, posing a compliance risk for financial data management.

(iv) Emerging fraud risks

Fraudsters may use phrases such as "AI surrogate" and "stable profits" to commit investment fraud, exploiting the popularity of "crawfish" to impersonate financial institutions, publish false information and induce the public to download counterfeit applications or transfer money to designated accounts. In addition, criminals may obtain control of consumers' devices in the name of "replacement" or "remote debugging" and use the opportunity to plant malicious programs or steal sensitive financial information. Reports indicate that financial fraud cases involving AI are growing rapidly and that the public's ability to identify such new means of fraud needs to be improved.

Preventive recommendations

In response to these risks, the China Internet Finance Association has made the following precautionary recommendations:

(i) It is recommended that financial consumers take extreme care before installing OpenClaw on terminals used for personal financial operations such as online banking, securities transactions and payments. If installation is necessary, it is recommended not to grant the agent operating privileges over financial-service systems, to follow up on OpenClaw vulnerabilities in a timely manner, to be strict about which functionality plugins are installed, and not to enter sensitive information such as ID numbers, bank card numbers or payment codes while using it. In addition, the continuous calls to large-model interfaces made while such applications run may result in high token costs, and users are advised to pay close attention.

(ii) It is recommended that financial consumers be extremely vigilant about financial fraud carried out in the name of "shrimp management", "AI surrogate stock" or "stable profit and loss". Operations such as transfers and investments should go through formal channels, and requests to gain access to personal devices in the name of "replacement" or "remote debugging" should not be trusted.

(iii) It is recommended that business institutions not install OpenClaw on terminals involved in financial operations such as customer information processing, fund operations, risk-control review and transaction execution, and not enter sensitive data such as customer financial information, transaction data or credit approval materials into the agent or its processing chain, or give it access to such data.

(iv) It is recommended that industry institutions bring the security management of agent applications such as OpenClaw within the scope of their own information security management, and organize dedicated security training for employees to improve their ability to identify and guard against the security risks associated with such agents.

China Internet Finance Association

15 March 2026
