China issues new safety rules for OpenClaw. Here are the dos and don’ts

A unit of China’s Ministry of Industry and Information Technology (MIIT) has issued guidelines on best practices and prohibitions for adopting and using OpenClaw, the popular artificial intelligence agent

that continues to dominate the market.

The advisory, developed in collaboration with AI agent providers, vulnerability platform operators and cybersecurity firms, aims to address risks in typical use cases of “lobster”, OpenClaw’s mascot, according to a Wednesday statement from the MIIT-run National Vulnerability DataBase (NVDB).

The guidelines recommend six practices: use the official latest version, minimise internet exposure, grant only the minimum permissions necessary, exercise caution when using the skill market filled with third-party offerings, guard against browser hijacking, and regularly check for patch vulnerabilities.

By contrast, users are warned against using outdated or third-party mirror versions of OpenClaw, exposing AI agent instances to the internet, enabling administrator accounts during deployment, installing skill packs that require entering passwords, browsing unverified websites, and disabling detailed log auditing functions.

The NVDB also provided instructions on restricting internet access, scanning files and uninstalling the software.