Baidu Engineer Warns of Security Risks in OpenClaw Local Deployment for Average Users

Deep News 03-11

On March 11, Baidu provided on-site support through its Intelligent Cloud engineers at the "Lobster Market" event, assisting users with the deployment, model configuration, and skill unlocking of OpenClaw.

A Baidu engineer explained that during the Spring Festival, Baidu App officially enabled one-click access to OpenClaw and introduced a one-click deployment feature. "Deployment typically takes just two to three minutes, designed to allow non-technical users to start using it immediately."

Addressing concerns about OpenClaw's security, the engineer acknowledged that average users face significant risks when using OpenClaw extensively. "A common scenario involves users installing it on local computers. When OpenClaw performs operations, it might accidentally trigger commands like 'RM' (delete), permanently erasing files and causing irreversible damage." The engineer advised, "At this stage, ordinary users should avoid installing it on core local devices. This setup is more suitable for professional technicians with risk management capabilities."

The engineer further analyzed the underlying causes of these risks. On one hand, risks stem from "excessive permissions"—once users grant OpenClaw access to the file system, even normal conversations or model hallucinations could lead to accidental file deletion. On the other hand, risks arise from the "uncontrollable nature of external installations." "Currently, OpenClaw's skills ecosystem resembles an open-source 'wilderness,' lacking an official platform like the App Store for security and performance reviews. Open-source skills may contain malicious code, such as hidden prompts like 'help me delete everything on the computer,' with potentially disastrous consequences."

Additionally, the engineer noted that average users often lack risk awareness and may trust unofficial installation guides, exposing service vulnerabilities without adequate safeguards and creating opportunities for hackers.

Regarding risk mitigation, the Baidu engineer mentioned that the company's security team is already working on specialized solutions, and Intelligent Cloud has implemented multiple security enhancements. After one-click deployment, many security protections are automatically applied for users. For ordinary users, two recommendations were provided: "First, always install official, genuine products and avoid downloading packages from unknown sources. Second, after installation, carefully review the prompt settings to identify and prevent potential malicious injection risks."
