Chinese tech hubs promote OpenClaw AI agent despite security warnings

Chinese tech giants offer cheap, easy access to OpenClaw amid ‘lobster fever’

Shares of Hong Kong-listed MiniMax and Zhipu AI surge after launching OpenClaw tools.

Chinese tech hubs promote OpenClaw AI agent despite security warnings

OpenClaw, an open-source AI assistant that does everything from booking flights to organising email, has gained particular traction in China.

Tencent reportedly tests QClaw AI agent with one-click OpenClaw deployment · TechNode

Tencent is internally testing an AI agent tool called QClaw that allows users to control computers through natural language commands, according to people familiar with the matter. The product focuses on one-click deployment, packaging the open-source framework OpenClaw into a local startup bundle so users can launch it quickly without complex configuration. QClaw will support connections to major large language models including Kimi and MiniMax.…

Openclaw Impersonation Attack Steals Passwords and Crypto Wallet Data

A malicious npm package impersonating an installer for the Openclaw artificial intelligence (AI) agent framework is spreading credential-stealing malware designed to quietly take control of developer machines. Security Researchers Expose Malicious Openclaw npm Package Security researchers say the package is part of a supply-chain attack aimed at developers working with Openclaw and similar AI-agent tooling. […]

GhostClaw Masquerades as OpenClaw in Bid to Plunder Developer Data

A malicious npm package, @openclaw-ai/openclawai, that impersonates the legitimate OpenClaw CLI while quietly deploying a full-featured infostealer and RAT against developers’ machines. Internally branded “GhostLoader,” this threat combines polished social engineering, encrypted payload delivery, and long‑term persistence to exfiltrate almost every valuable secret a developer holds – from SSH keys and cloud credentials to AI agent […] The post G…

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai" on March 3, 2026. It has been downloaded 178 times to date. The library is still available for