OpenClaw Is Insecure? You Might Be Even More Insecure

After helping people install OpenClaw all over the place, let's talk about security. OpenClaw does have vulnerabilities, but your password might be 123456, and you probably already handed your face over to text-to-video models.

Jiawei Guan, 3 min read

Recently, I've helped quite a few people install OpenClaw, and I've seen a lot of online discussion about security issues. MIIT (China's Ministry of Industry and Information Technology) issued a security advisory, some people disclosed vulnerabilities, and others claimed they suffered losses. I want to break down a few interesting points here.

No Software Is Secure

OpenClaw does have security issues. An open-source project less than three months old with the fastest global user growth rate is bound to attract malicious actors. Windows and Linux were the same in their early days—the more users, the more attention from attackers.

But when it comes to vulnerabilities, what matters most is patching speed.

You Might Not Realize How Fast It Updates

When I helped people install it, I noticed something: three days ago it was version 2026.3.2, the day before yesterday it became 2026.3.7, and yesterday it jumped to 2026.3.8. The differences between each version are quite substantial.

The founder of OpenClaw posted something when their GitHub star count surpassed React and Linux, roughly saying: React and Linux power half the internet; we're just a crayfish, but we pushed 90 new commits yesterday. They hold annual conferences to celebrate; we iterate at high intensity every single day.

The official team is patching, attackers are looking for breakthroughs, and both sides are accelerating.

Wrapper Products Are the Real Danger

Once you understand this velocity, you'll see why wrapper products are dangerous.

Many products on the market simply repackage a specific version of OpenClaw and sell it. But each official upgrade may adjust the underlying architecture, and wrapper products, which need to stay stable, can't keep following every release. The result is that all known vulnerabilities of that particular version are fossilized in place.

You might be running a Windows XP that never gets patched. All newly discovered vulnerabilities after that version apply to you. If you actually care about security, first check whether you're using a repackaged version.

The Model Is the Goalkeeper

There's another easily overlooked factor: the model you connect determines your security ceiling.

OpenClaw is an AI agent; the model is the goalkeeper in the middle. If you connect a cheap, weak model to save money, it becomes especially vulnerable to prompt injection. It'll spill everything, giving attackers whatever they ask for.

A stronger model can recognize malicious instructions and refuse suspicious requests. A dumb model leaves the door wide open.

But What About You?

After talking about the crayfish's security, ask yourself: How many of your passwords are 123456 or your name? Do you use the same password across different websites? Does your home WiFi use certificates and keys? Can just anyone deploy to your company's production servers?

Attack capabilities in the AI era have changed. Previously, Anthropic built a security-focused agent for penetration testing that uncovered dozens of critical vulnerabilities in random systems. Most current defense lines don't even involve agents yet—they're inherently fragile.

The crayfish is insecure? Your other systems are probably even more insecure.

What Do You Actually Have on Your Computer?

Many people worry about security, but calm down and think: what valuables do you actually have on your computer?

Bank card passwords stored on your computer? Unlikely. What's probably at risk is an account worth maybe 30 yuan a month.

Instead, things many people haven't paid attention to are more worth considering: uploading your face to text-to-video services means handing over your digital identity directly. Which is more serious—your face being used by others to generate videos, or a 30-yuan account getting stolen? Many people don't seem to care about the former.

What You Should Actually Do

Rather than worrying, do a few practical things.

Find an old computer or a cheap small server dedicated to running OpenClaw. With no important data on it, even if a hacker breaks in, there's nothing there to exploit. This machine works for you continuously, but your most critical data stays off it. Physical isolation is the most straightforward and effective measure. As I mentioned when discussing legal issues around edge AI devices, the device is yours, the responsibility is yours, and security is an architectural concern. Don't deploy it on your most important work or personal machine—besides the security risks, it consumes computing resources and will slow down your computer. That's a very practical concern.

Then stay in sync with official updates. OpenClaw changes on a daily basis; if you stay on one version for two weeks without moving, you're already behind. The value of keeping up may be greater than you think.

If you have the means, invest a bit more in the model.

My Take

For most ordinary people, there isn't much to steal from OpenClaw, but it can continuously work for you. I think it's a pity to be too worried about security to use it. If you haven't installed it yet, check out this tutorial on installing OpenClaw with a single command.

Of course, if you have significant assets and are highly security-sensitive, then spend a bit more money on a dedicated device, implement proper physical isolation, and use a better model. These investments are nothing compared to what you're protecting.

Start using it, and protect what needs protecting.
