The initial wave of users adopting the 'Lobster' AI agent has begun uninstalling the software. The trend of 'raising a lobster' is sweeping across the Chinese internet at an unprecedented rate. However, as the initial excitement fades, a growing number of users are discovering that this 'digital employee' is quietly draining their wallets and posing threats to their data security.
On second-hand platforms, many vendors who previously offered installation and setup services for the 'lobster' have now listed uninstallation services. This business model, which handles both installation and removal, is being humorously referred to as 'getting two meals from one lobster.'
Insiders from the internet industry reveal that the hidden costs of 'raising a lobster,' such as computational power consumption and hardware maintenance, are significant. Depending on the intensity of Token consumption from connecting to different large language models, either domestic or international, users can expect monthly expenses ranging from tens of yuan to over a thousand yuan.
Concurrently, security risks associated with AI agents are drawing attention. Multiple departments, including the Ministry of Industry and Information Technology, have issued safety warnings. Zhou Hongyi from 360 compared AI agents to new interns, cautioning users to 'be careful when raising a lobster.'
Cybersecurity experts warn that in commercial office environments, especially companies dealing with technical secrets or core code, employee use of such AI agents should be strictly restricted. For individual users, it is essential to protect sensitive information diligently. They are advised against using such software to directly access online banking accounts and passwords to prevent theft by attackers.
Is 'Raising a Lobster' Really Worth It? Check the Compute Bill First!
OpenClaw is an AI agent capable of autonomously performing computer operations and completing complex tasks across different software. It earned the 'lobster' nickname due to its icon's resemblance to one. The core advantage of 'raising a lobster' lies in breaking the limitations of traditional AI's 'passive response' mode. Users can configure local devices or cloud servers to create their own AI agent, automating tasks like email management, data scraping, and schedule organization.
The 'lobster-raising' wave spread rapidly, boosting demand for related products and services such as Apple Mac mini M4 device rentals and setup tutorial guides, leading to a surge in searches and transactions on second-hand platforms. Simultaneously, local governments, including those in Shenzhen's Longgang District and Wuxi High-Tech Zone, quickly introduced special support policies. Major internet companies like Tencent have also entered the fray, offering 'lobster installation' services. The market capitalization of MiniMax, a large model company natively supported by OpenClaw, has even surpassed that of Baidu.
However, as the first wave of early adopters moved past the initial excitement, practical issues began to surface.
The most immediate concern is hidden costs. An internet industry insider stated that the primary investment in 'raising a lobster' is the computational cost, specifically the Token fees required to 'feed the lobster,' which constitutes the largest expense. 'OpenClaw is just a tool; it needs to connect to a large model as its brain. Every task execution and interaction consumes Tokens. Even if users are not actively using it, OpenClaw might run in the background, continuously consuming Tokens, which must be purchased from the large model platforms, each with different pricing structures.'
Reportedly, based on Token consumption intensity, if users choose to connect to domestic large models, light users might spend approximately 50 to 200 yuan per month, moderate users around 200 to 500 yuan, and heavy users over a thousand yuan. Opting for international models like GPT-4 or Claude would incur even higher costs.
Furthermore, 'raising a lobster' involves basic operational costs—the expense of hardware or a runtime environment, essentially 'providing a home for the lobster.' Currently, there are two main deployment methods: local and cloud-based. 'Local deployment might seem cost-free initially, but OpenClaw has basic configuration requirements and needs to run 24/7 for continuous operation, leading to significant hardware wear and tear and energy costs, making long-term local deployment impractical. Cloud deployment is the choice for most users, who pay fees to cloud service providers based on usage frequency and configuration, with costs ranging from tens to over a thousand yuan.'
As cost pressures associated with 'raising a lobster' gain attention, a growing number of users are opting to uninstall the 'lobster.' On second-hand platforms, numerous 'OpenClaw uninstallation' services are now available, offering remote or on-site removal for prices ranging from几十 to several hundred yuan. It was observed that most vendors offering uninstallation services also provide installation and setup, leading to the joking term 'getting two meals from one lobster' for this business model.
Beware of Data Leaks: Avoid Handling Private Information
Beyond hidden costs, as the user base for 'raising a lobster' expands rapidly, its potential security risks are increasingly coming under scrutiny.
Recently, departments and institutions including the Ministry of Industry and Information Technology, the National Computer Network Emergency Response Technical Team/Coordination Center of China, and the China Academy of Information and Communications Technology have repeatedly issued security risk warnings. They explicitly pointed out that AI agents like OpenClaw carry multiple risks, including high-severity vulnerabilities, data leakage, malicious command injection, and privilege misuse.
Zhou Hongyi, founder of 360 Group, noted in a recent interview that AI agents like OpenClaw are still in their early developmental stages, characterized by high usage barriers, unstable results, and underlying security mechanisms that require further refinement. He vividly compared AI agents to new interns, emphasizing that they need continuous training and must operate under strict rules, advising users to 'be careful when raising a lobster.'
Among the various security hazards, data leakage is particularly prominent. As an AI agent, OpenClaw's operational mechanism requires deep integration into the user's digital life. From email content and chat histories to documents and browsing habits, nearly all personal information could be accessed by the 'lobster,' drastically expanding the potential risk surface for data security.
Pei Zhiyong, Director of the Industry Security Research Center at Qi-Anxin Group, stated that the core risk of 'raising a lobster' lies in its consolidation of users' previously dispersed behavioral trails from different platforms into a single software, thereby broadening the exposure surface for personal information leakage.
'In the past, when users ordered food delivery, used search engines, or ride-hailing apps, they provided information like phone numbers, locations, and even consumption habits, but this data was scattered across different companies and platforms. Now, software like the 'lobster-raising' kind aims to assist users with various online operations, effectively concentrating a wider range of behavioral trails and more extensive information data for collection by one company,' Pei Zhiyong explained.
Addressing the security risks hidden within the 'lobster-raising' trend, Pei Zhiyong suggested that in commercial office scenarios, especially for companies dealing with technical secrets or core code, employee use should be strictly limited. Individual users must prioritize information protection, avoiding letting the application handle private photos, sensitive documents, and similar information.
For average users, Pei Zhiyong recommended adhering to good security practices when installing and using such applications: First, practice the principle of minimal necessary authorization by configuring the software's own settings or system security settings to grant access only to necessary applications. For content requiring special confidentiality, encryption is advised to prevent attackers from exploiting the software's access permissions to obtain sensitive data directly. Furthermore, users should尽量避免 using such software to directly access online banking accounts or input passwords to prevent theft by attackers. Both the software and the operating system should be updated promptly with security patches to avoid exploitation of known vulnerabilities.
'Just as with many new technologies, applications like OpenClaw will inevitably go through a development process involving risk exposure, exploitation, partial resolution, and systematic resolution. However, past security incidents have provided us with ample experience in dealing with such emerging security issues. By fully considering potential security problems from the outset and actively exploring security solutions, we can effectively prevent large-scale outbreaks of issues,' Pei Zhiyong emphasized.
Comments