Cybersecurity officials are urging organisations to proceed with caution when adopting advanced AI agent platforms, warning that these powerful new tools introduce a much wider range of security threats than standard chatbots.
In a statement on Thursday, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) said AI agent platforms - which can operate directly on local devices, install third-party skills and integrate with external services - "present a risk surface beyond that of typical conversational AI tools".
The warning is centred on the rising popularity of an open-source platform called OpenClaw.
Unlike a simple chatbot, OpenClaw is designed to be self-hosted and acts as a multi-channel gateway, connecting to messaging apps like WhatsApp, Telegram and Discord.
It boasts features such as persistent memory, browser control and system access, allowing it to handle file operations, browser automation and script-related tasks across multiple environments.
"This high degree of integration has quickly attracted attention from developers and technical communities," the centre said.
However, HKCERT reported that malicious actors have already exploited interest in the platform by creating "fake GitHub repositories and Bing AI search results to distribute information-stealing malware and proxy malware to users searching for the OpenClaw Windows installer".
Beyond fake downloads, the platform itself has had security flaws.
According to HKCERT, "OpenClaw once had a high-severity vulnerability that could allow malicious websites to hijack developers' OpenClaw agents".
While that specific vulnerability was patched on February 26, the incident serves as a stark reminder of the risks.
"This incident serves as a reminder that organisations deploying AI agent tools may face greater risk exposure if they lack adequate security oversight and control measures," the centre said.
Further compounding the risk is the platform’s open-source skills ecosystem, known as ClawHub, which allows users to publish and install scripts to extend functionality.
HKCERT warned that "while this open extension model accelerates feature growth, it also introduces supply chain risks associated with third-party components".
To help organisations navigate these dangers, HKCERT has issued a set of cybersecurity recommendations, including verifying download sources and installation instructions, updating OpenClaw and exercising caution when installing third-party skills.
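The first of those recommendations, verifying the download source and the installer before running it, is the step that defeats the fake-repository lure described above. The script below is an added illustration, not HKCERT's guidance or OpenClaw project code: it pins the download to an official release origin taken from the project's own documentation and refuses to run an installer whose SHA-256 digest does not match the value published there. The `EXAMPLE-ORG/EXAMPLE-REPO` URL, the file name and any hash you pass in are placeholders, not real OpenClaw values.

```shell
#!/bin/sh
# Added example (not HKCERT's or OpenClaw's code): gate an installer on
# (1) a pinned official download origin and (2) a SHA-256 digest copied
# from the official release page. All identifiers below are placeholders.

# Placeholder for the project's official release origin. Take this from the
# project's own documentation, never from a search result or a chat answer.
TRUSTED_PREFIX="https://github.com/EXAMPLE-ORG/EXAMPLE-REPO/releases/"

# url_is_trusted URL -> 0 only if URL starts with the pinned official prefix
url_is_trusted() {
    case "$1" in
        "$TRUSTED_PREFIX"*) return 0 ;;
        *) return 1 ;;
    esac
}

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_download FILE EXPECTED_HASH -> 0 if the digest matches, 1 otherwise
verify_download() {
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the expected SHA-256"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# install_if_verified URL FILE EXPECTED_HASH -> runs the installer only when
# both the origin and the digest check out; otherwise exits non-zero.
install_if_verified() {
    url_is_trusted "$1" || { echo "refusing: $1 is not the official release origin" >&2; return 1; }
    verify_download "$2" "$3" || { echo "refusing to run unverified installer" >&2; return 1; }
    echo "would run installer: $2"   # replace with the real install command
}

# Usage: ./check_installer.sh <download-url> <downloaded-file> <published-sha256>
if [ $# -ge 3 ]; then
    install_if_verified "$1" "$2" "$3"
fi
```

The origin check runs before the hash check on purpose: a digest copied from the same fake repository that served the installer will trivially "match", so the expected hash is only meaningful when it comes from the origin you have pinned independently.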
Edited by Thomas McAlinden
