The Hottest Open Source AI: Is OpenClaw Dreaming of Safe AI?

A few months ago, a popular open-source AI tool called OpenClaw emerged, targeting a wide range of technical areas.

It can operate either locally or on the cloud, and once installed, it resembles a true automation assistant—capable of sending emails, running scripts, handling documents, and even remotely interfacing with other systems. In a nutshell, OpenClaw is like an enhanced version of a productivity tool. However, as people integrate it with their devices, accounts, and networks, a practical issue surfaces:

👉 This AI has become too capable and poses too many risks.


1. From Citizen-Friendly AI to Public Risk

The explosive growth of OpenClaw is not only due to its cost-free access but also because of its powerful functionality. Users need just a few steps to set it up, enabling it to continuously perform tasks locally, on the cloud, or across various platforms, essentially facilitating automated operations and code execution.

Many see it only as a “chat assistant” and overlook the serious implications behind it:

It has system-level access: it can access files, execute commands, and connect to external APIs.

In just a few weeks, the security sector has already detected over 3 million instances of OpenClaw exploitation on public networks. Notably, there have been numerous default access requests or even unauthorized access to credential verification.

This trend has been labeled by external researchers as "AI Gone Rogue".


2. Multiple Layers of Concealed Risks

1️⃣ Access Control: AI Can Potentially Oversee Entire Systems

OpenClaw inherently has local access control. If configured incorrectly, attackers could exploit it to erase files, modify system settings, or access sensitive data.

2️⃣ Prompt Injection Attack: One Phrase Can Grant Access

Attackers can embed harmful prompts in web pages, emails, or documents. The AI might mistakenly execute unauthorized actions, such as querying API keys or account passwords.

3️⃣ Plugin Injection: Misconfigured Skills Could Be Exploited

ClawHub hosts thousands of skills. Some unreviewed skills may contain malicious code, which could trigger environmental changes, breaches, or unauthorized command executions.

4️⃣ Network Attack: Exposed Ports at Risk of Being Breached

Many users directly deploy OpenClaw instances on cloud services and expose port 18789. Researchers have discovered that these exposed instances can be automatically scanned and penetrated within minutes, causing significant breaches. Additionally, some users have simplified their security by closing down access or reducing access sensitivity.

5️⃣ Data Leakage: AI Could Retain Excessive Information

OpenClaw may retain operational logs, credential information, and procedural history. If such data remains unencrypted or appears on public networks, it might cause severe data leakage incidents.
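A defensive check for the exposed-port risk in item 4️⃣, as an added example that is not from the original article or from the OpenClaw project: it parses Linux `ss -Htln` output and reports whether anything listening on port 18789 is reachable beyond loopback. The sample output is constructed, and the function names are hypothetical.

```python
import ipaddress

OPENCLAW_PORT = 18789  # port named in the article

# Constructed sample of `ss -Htln` output (not captured from a real host).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 511 0.0.0.0:18789 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 [::1]:18789 [::]:*
LISTEN 0 128 [::]:22 [::]:*
"""

def split_local(addr):
    """Split a local 'address:port' field; handles [v6]:port, *:port, addr%iface."""
    host, _, port = addr.rpartition(":")
    host = host.split("%")[0].strip("[]")  # drop interface scope, then brackets
    return host, int(port)

def classify(host):
    """Label a bind address by how widely the listener can be reached."""
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"  # unparsable: treat as exposed so it gets reviewed
    return "loopback" if ip.is_loopback else "specific-address"

def audit(ss_output, port=OPENCLAW_PORT):
    """Return (local_address, classification) for every listener on `port`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, lport = split_local(fields[3])
        if lport == port:
            findings.append((fields[3], classify(host)))
    return findings

def exposed(findings):
    """Listeners that are not confined to loopback."""
    return [addr for addr, kind in findings if kind != "loopback"]

if __name__ == "__main__":
    for addr, kind in audit(SAMPLE_SS):
        print(f"{addr:24} {kind}")
    print("reachable beyond loopback:", exposed(audit(SAMPLE_SS)))
```

On a real host, pass the text of `ss -Htln` to `audit()`; any address returned by `exposed()` should be rebound to loopback or placed behind a firewall rule and authentication.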


3. Real-World Safety Incidents

Several real incidents have already proven that these risks are not fabricated:

  • External users deployed OpenClaw and triggered a large-scale breach; all files were deleted via WebSocket input.
  • A user installed a harmful plugin, causing the system credentials to be sent to an external server.
  • Someone reported on Reddit that AI mismanaged remote access control, executing unintended actions.

The ideal function of “AI assisting you” is transforming into “AI assisting malicious actors”.


4. We Need Safer AI Operating Methods

OpenClaw is not inherently a malicious project. The issue is that its default access levels are too high, and users’ awareness of security remains too low. When AI tools have operational power, they must have defined security boundaries and isolated environments. If we can allow AI to operate in a separate, secure space, many threats could potentially be mitigated.


5. A Better Solution: Use DuoPlus AI Cloud Devices for Enhanced Security

Compared to directly accessing devices or cloud servers, DuoPlus has introduced a new Duo+ AI assistant that handles tasks remotely by using a cloud device, eliminating the need to access local data or systems:

  • ✅ All operations take place in the virtual cloud device background and do not directly access real installations.
  • ✅ Encrypted data transmission ensures data security and privacy.
  • ✅ No need for redundant configurations; a single command can allow AI to autonomously complete tasks such as streaming content, posting comments, or responding to messages.


This way, AI can still execute tasks efficiently while maintaining a secure and manageable environment.


Conclusion

OpenClaw reveals the enormous potential of AI technology and enables people to perceive the balance between capability and risk. Future AI productivity must be established on a foundation of secure technology.

Let AI operate safely in the cloud, making the AI cloud phone your best choice for avoiding risks and releasing production potential.

