China issues new safety rules for OpenClaw. Here are the dos and don’ts

A unit of China's Ministry of Industry and Information Technology (MIIT), the National Vulnerability Database (NVDB), has issued a formal safety advisory for users of the dominant OpenClaw AI agent. Developed in collaboration with AI agent providers, vulnerability platforms, and cybersecurity firms, the guidelines aim to address security risks during the current "adoption frenzy." The advisory is structured as six "dos" and six "don'ts," providing clear best practices and prohibitions for deploying and using the agent, which is symbolized by its mascot "lobster."

The six recommended practices include using the official latest version, minimizing the agent's exposure to the internet, granting only the minimum necessary permissions, exercising caution in third-party skill markets, guarding against browser hijacking, and regularly checking for patches. Conversely, the prohibitions warn against using outdated or unofficial mirror versions, exposing instances to the open internet, enabling admin accounts during deployment, installing skill packs that require passwords, browsing unverified websites, and disabling log auditing. The NVDB highlighted specific high-risk scenarios, such as connecting OpenClaw to instant messaging apps, which could grant excessive permissions for malicious file operations.

This move represents a significant regulatory step for a specific AI technology within China's digital ecosystem. By targeting OpenClaw—a market-dominating agent platform—the guidelines signal a focused approach to managing the security implications of autonomous AI tools. The advisory provides concrete technical instructions, including how to restrict internet access and uninstall the software, offering users a actionable framework to mitigate risks associated with powerful, general-purpose AI agents.