The first victims of "raising lobsters" have appeared! Someone is specifically paying to uninstall...


Recently, a “Lobster Farming” craze has swept the internet.

Because the open-source AI agent tool OpenClaw features a red lobster icon and is called “Lobster” by users, it has gained widespread attention. It integrates communication software and large language models to autonomously perform complex tasks on users’ computers, such as file management, email sending and receiving, and data processing.

As the “Lobster Farming” trend spreads, many companies have announced “Lobster” models, and some regions have already applied it to government service scenarios.

However, “Lobster Farming” also carries significant risks and hidden dangers.

On March 11, a related topic #TheFirstBatchOfLobsterFarmersHaveStartedUninstalling# trended on social media, sparking heated discussions online. Some users reported issues such as emails being deleted randomly and privacy leaks during “Lobster” usage.

  • According to Cover News, a user shared their experience with OpenClaw online: they handed their work email over to OpenClaw with the instruction: “Check the inbox and suggest emails to archive or delete.” They specifically added a restriction: “No actions without permission.” However, the “Lobster” ignored these instructions and, despite repeated commands to stop, frantically deleted hundreds of emails.

  • According to Xin Consumption Daily, a programmer in Shenzhen shared that on the third day after installing OpenClaw, their API key was stolen, resulting in a token bill of up to 12,000 yuan overnight. Because OpenClaw holds high-level automation permissions, once the key is compromised the AI can make unrestrained model calls in the background, and users incur huge expenses without knowing it.

The privacy and security risks brought by “Lobster Farming” continue to raise public concerns.

According to Blue Whale News, OpenClaw's popularity also drove demand for “Lobster On-site Installation Service” listings on the second-hand trading platform. Recently, however, uninstallation services have quickly become the new hot business.

Regarding the current AI craze, some netizens believe that we should remain rational when facing emerging AI tools and avoid blindly following trends.

Others have called for the rapid introduction of relevant laws and regulations to standardize the development and use of AI technology.

Official Risk Alerts

On February 5, the Cybersecurity Threats and Vulnerabilities Information Sharing Platform of the Ministry of Industry and Information Technology detected that some instances of the open-source AI agent OpenClaw pose high security risks under default or improper configurations, which could easily lead to cyberattacks and information leaks.

On March 10, the National Internet Emergency Center issued another risk warning regarding the safe application of OpenClaw.

The warning states that OpenClaw’s default security configuration is fragile and easily exploitable, with attackers potentially gaining full control of the system. Currently, four serious security risks have been identified: prompt injection, misoperation, plugin poisoning, and security vulnerabilities.

Experts advise: Use “Lobster” and other AI agents cautiously

Experts from the China Academy of Information and Communications Technology warn that although the “Lobster” agent has been updated to the latest version, fixing known security vulnerabilities, this does not mean all security risks are eliminated.

They urge government agencies, enterprises, institutions, and individual users to exercise caution when using “Lobster” and similar AI agents. If security flaws or threats and attacks targeting “Lobster” are discovered, users should promptly report them to the Cybersecurity Threats and Vulnerabilities Information Sharing Platform of the Ministry of Industry and Information Technology. The platform will organize timely responses according to the “Regulations on the Management of Security Vulnerabilities of Network Products.”

How to safely “Farm Lobster”?

Experts recommend the following measures for secure use of “Lobster” AI agents:

First, use the official latest version.

When deploying, prioritize downloading the latest stable version from official channels, and enable automatic update notifications. Back up data before upgrading, restart services after updates, and verify that patches are effective. Do not use third-party images or outdated versions.

Second, strictly control internet exposure.

Never expose “Lobster” instances to the public internet. Limit access sources, and use strong passwords, certificates, or hardware keys for authentication.

Third, adhere to the principle of least privilege.

During deployment, avoid using administrator accounts. Grant only the minimum permissions necessary to complete tasks, and require secondary confirmation or manual approval for critical operations like deleting files, sending data, or modifying system configurations.

Fourth, be cautious with skill marketplaces.

ClawHub is a community platform providing skill packages for “Lobster” users. These packages may contain malicious injections. Download carefully, review the code before installation, and refuse any packages that request “download zip,” “execute shell scripts,” or “input passwords.”

Fifth, prevent social engineering attacks and browser hijacking.

Avoid visiting unknown websites and clicking on unfamiliar links. Use web filtering extensions to block suspicious scripts, enable rate limiting and log auditing for OpenClaw, and disconnect from the network and reset passwords immediately if suspicious activity is detected.

Sixth, establish long-term protective mechanisms.

Enable detailed log auditing, and regularly check for and patch vulnerabilities. Government agencies, enterprises, and individual users should combine cybersecurity tools and mainstream antivirus software for real-time protection. Keep up with official security alerts from OpenClaw and vulnerability databases like the Cybersecurity Threats and Vulnerabilities Information Sharing Platform to promptly address potential risks.

Users should thoroughly understand and implement security configuration standards when using “Lobster” and similar AI agents, cultivating safe usage habits.
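
The third and fifth measures (manual approval for critical operations, rate limiting, log auditing) can be enforced outside the model, so that an agent which ignores “No actions without permission” still cannot delete anything on its own. The sketch below is an added illustration, not OpenClaw code and not part of the original article; the `ActionGate` class, the action names and the approval callback are hypothetical.

```python
import time
from collections import deque

# Hypothetical action names (assumptions); a real agent's tool names will differ.
CRITICAL = {"delete_email", "delete_file", "send_data", "modify_config"}
ALLOWED = {"list_inbox", "read_email", "suggest_archive"} | CRITICAL


class ActionGate:
    """Sits between the agent and its tools: allowlist, approval, rate limit, audit."""

    def __init__(self, approve, max_calls=5, window_s=60.0, clock=time.monotonic):
        self.approve = approve      # callback that asks a human; returns True/False
        self.max_calls, self.window_s, self.clock = max_calls, window_s, clock
        self.recent = deque()       # timestamps of executed calls inside the window
        self.audit = []             # append-only record of every decision

    def _record(self, action, target, decision):
        self.audit.append({"t": self.clock(), "action": action,
                           "target": target, "decision": decision})
        return decision

    def request(self, action, target, tool):
        now = self.clock()
        while self.recent and now - self.recent[0] > self.window_s:
            self.recent.popleft()
        if action not in ALLOWED:
            return self._record(action, target, "denied:not_allowlisted")
        if len(self.recent) >= self.max_calls:
            return self._record(action, target, "denied:rate_limited")
        # The model's own claim of permission is never trusted, only the human callback.
        if action in CRITICAL and not self.approve(action, target):
            return self._record(action, target, "denied:not_approved")
        self.recent.append(now)
        tool(target)
        return self._record(action, target, "executed")


def demo():
    """Constructed scenario: the agent tries to bulk-delete; the human approved one message."""
    deleted = []
    gate = ActionGate(approve=lambda action, target: target == "msg-1", max_calls=3)
    results = [gate.request("list_inbox", "inbox", lambda t: None)]
    results += [gate.request("delete_email", f"msg-{i}", deleted.append) for i in range(1, 5)]
    results.append(gate.request("run_shell", "install.sh", lambda t: None))
    return results, deleted, gate.audit
```

The audit list records denied requests as well as executed ones, so a run of `denied:not_approved` entries is itself a signal that the agent is acting outside its instructions.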

This article is from China Fund News.
