National Security Bureau: "Lobster" (OpenClaw) Safe Aquaculture Manual

Ask AI · How can shrimp farmers prevent their hosts from being remotely controlled?

OpenClaw (nickname “Lobster”) is an open-source AI agent tool that quickly grew into a phenomenon in 2026, known as a “miracle of open source.” Many users pay to install “Lobster,” and some even pay to uninstall it. Raising “Lobster” has become a celebration of intelligent agents. However, while the popular “Lobster” innovates and changes lives, it also carries inherent risks. We especially advise users to discern rationally, use responsibly, and embrace the AI era with a positive attitude and cautious execution, so that “Lobster” becomes a compliant, efficient “digital employee.”

Understanding the Production Features of “Lobster”

“Lobster” AI agents integrate communication software and large language models, relying on high permissions to achieve autonomous operation, which is its core advantage.

— From “providing solutions” to “implementing and executing.” Unlike large model agents that offer advice through Q&A, “Lobster” can remotely execute user commands via chat programs to complete tasks independently.

— From “fixed functions” to “multiple plugins.” “Lobster” comes with numerous skill plugins that users can download and use directly, forming a toolchain covering file management, email drafting, calendar scheduling, web browsing, scheduled tasks, and more.

— From “ordinary tools” to “self-evolution.” “Lobster” can remember user usage records over the long term, continuously understanding user behavior preferences, “getting to know users better the more it’s used,” which is why people call it “raising Lobster.”

— From “passive waiting” to “active service.” “Lobster” can proactively perceive external situations based on user requests, trigger alerts or perform actions, completing intelligent services like issuing commands at night and retrieving results in the morning.

Risks and Hidden Dangers of Raising “Lobster”

— Host machine may be hijacked. To enable “task execution,” users often grant it the highest system permissions, which can lead to data loss caused by AI misoperations. More seriously, once running, it may be covertly accessed by attackers to gain device management rights, leading to remote control of the host, illegal resource occupation, and other security risks.

— Data may be stolen. Some users lack security awareness, entrusting “Lobster” with sensitive personal data. If compromised, it could lead to privacy leaks, financial loss, and safety hazards.

— Speech may be tampered with. “Lobster” can autonomously speak on social networks. If taken over by attackers, it could be used to generate and spread false information, conduct scams, and carry out illegal activities.

— Technology may have vulnerabilities. “Lobster” lacks professional maintenance and vulnerability repair mechanisms. Attackers could exploit malicious plugins or injection attacks to induce the agent to break permissions, actively steal core sensitive information from local devices, with stealth far surpassing traditional Trojan programs.

Essential Safety Guidelines for “Shrimp Farmers”

— Conduct a full health check on your “Lobster.” Check if control interfaces are exposed to the internet, if permissions are overly high, if stored credentials have leaked, if plugin sources are trustworthy, etc. For serious security risks, immediately isolate or take it offline.

— Protect your “Lobster.” Follow the principle of least privilege, strictly limit the agent’s operational scope. Encrypt sensitive stored data, establish comprehensive operation audit logs, run “Lobster” in isolated environments (such as dedicated virtual machines or sandboxes), and restrict access to core resources.

— Make your “Lobster” obedient and useful. “Lobster” is not a digital pet for entertainment but a “digital employee” capable of autonomous task execution, process handling, and continuous learning. Raising “Lobster” requires rational understanding and standardized use, ensuring it becomes a compliant, safe, controllable digital tool to improve governance efficiency and serve production and daily life.

Source: Ministry of National Security