Core Viewpoint
- The article emphasizes the security risks associated with the OpenClaw application and the need for users to implement stringent security measures to mitigate them [2][6].

Security Risks
- OpenClaw has been found to carry several serious security risks when improperly installed and used, including "prompt injection" risks, "misoperation" risks, plugin poisoning risks, and security vulnerabilities [2].
- The rapid iteration of AI agents like "Lobster" means that even updating to the latest version does not guarantee that security risks are completely eliminated [6].

Recommended Security Measures
- Network Control: Users should not expose OpenClaw's default management port to the public internet and should implement identity authentication and access control measures [3].
- Credential Management: Avoid storing keys in plaintext in environment variables, and establish a comprehensive operation log auditing mechanism [4].
- Plugin Management: Strictly manage the sources of plugins, disable automatic updates, and install only extensions from trusted channels that have been signed and verified [5].
- Patch Management: Continuously monitor for patches and security updates, and apply version updates and security patches promptly [6].

User Responsibility
- Users, including government agencies and enterprises, are urged to use AI agents like "Lobster" cautiously and to report any security vulnerabilities or threats to the relevant authorities for timely action [7].
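"Raising lobsters" goes viral; experts from the National Internet Emergency Center (CNCERT) and the China Academy of Information and Communications Technology (CAICT) warn of risks
Securities Times · 2026-03-10 14:01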