Singapore's Infocomm Media Development Authority (IMDA) has issued a formal warning against unrestricted use of OpenClaw, an increasingly popular AI agent platform, citing significant cybersecurity and data governance risks. The advisory marks the first major regulatory caution regarding OpenClaw deployments and reflects growing international concern over autonomous AI systems capable of performing complex digital tasks without human intervention.

OpenClaw, developed by Austrian software engineer Peter Steinberger and launched in November 2025, has rapidly gained global adoption as an AI-powered personal assistant platform. The tool allows users to connect large language models such as OpenAI's ChatGPT, Google's Gemini, and Anthropic's Claude to workplace tools, messaging services, and email systems to automate workflows. While the platform offers genuine productivity benefits, IMDA stressed that OpenClaw currently lacks sufficient built-in safeguards and requires careful deployment planning.

What Makes OpenClaw Vulnerable to Security Breaches?

The IMDA advisory highlighted several critical vulnerabilities that could allow OpenClaw to cause serious operational damage. According to the authority, poorly configured implementations could cause systems to "run amok," potentially disrupting business operations, halting transactions, and exposing confidential corporate and personal data. The platform inherits the privileges of the user account that installs it, meaning the AI agent may gain unrestricted access to files, applications, and internal systems available to that user.

The scale of known vulnerabilities is concerning. Citing intelligence platform OpenCVE, IMDA reported that roughly a quarter of the more than 400 reported OpenClaw vulnerabilities and exposures as of April were classified as high severity, potentially enabling data theft and operational disruption. Additionally, many publicly available OpenClaw skills had not undergone proper testing and may contain malicious code, hidden instructions, or malware. IMDA referenced reports involving the malware Atomic macOS Stealer, which had been disguised as OpenClaw tools including cryptocurrency wallet trackers, YouTube downloaders, and workplace utilities.

Integrations with workplace collaboration platforms such as Slack present another risk vector. OpenClaw connected to Slack channels could execute instructions posted by any participant without additional authentication safeguards, creating opportunities for accidental or malicious actions.

How to Deploy OpenClaw Safely in Your Organization?

• Implement Least-Privilege Access: Restrict OpenClaw's permissions to only the specific files, applications, and systems necessary for its assigned tasks. Avoid creating a single "all-powerful" agent with unrestricted access across your entire technology infrastructure.
• Deploy Multiple Narrowly Scoped Agents: Instead of one universal agent, create separate agents dedicated to specific functions such as scheduling, coding, or administrative tasks. This compartmentalization limits the damage if one agent is compromised or malfunctions.
• Establish Human Approval Workflows: Require explicit human authorization before sensitive actions are executed, particularly for high-risk activities such as financial transactions, data deletion, and infrastructure changes.
• Use Managed Identities for Agents: Create separate digital identities for AI agents rather than reusing employee credentials. IMDA emphasized that "managed identity for agents should be recognised as a foundational control layer, particularly as agents increasingly act as proxies for human users across systems".
• Restrict Posting Permissions in Connected Channels: When integrating OpenClaw with Slack or similar platforms, limit who can post instructions to connected channels to reduce the risk of accidental or malicious commands.
• Avoid Installation on Primary Workstations: Do not install OpenClaw on primary workstations or personal devices containing highly sensitive information.

Why Are Skill Marketplaces a Major Concern?

One of the most significant risks involves third-party skills available on public marketplaces like ClawHub. IMDA warned that many skills on these platforms are currently flagged as malicious and have not undergone proper security vetting. The authority recommended installing only trusted skills from verified publishers whose source code is publicly inspectable and actively maintained. "Skills that lack transparent source code, verifiable provenance, recent maintenance activity, or that request permissions beyond their stated purpose should be treated as higher risk and avoided," IMDA stated.

This guidance reflects a broader pattern in open-source agent frameworks that trade convenience for built-in controls. As noted in industry analysis, out-of-the-box agent features such as persistent memory and deep system integration accelerate prototyping but shift responsibility for security and governance onto deployers.

What Is the Global Response to OpenClaw?

Singapore's warning comes amid rising global scrutiny surrounding OpenClaw and other autonomous AI systems. In March 2026, Chinese authorities reportedly instructed government agencies and state-owned enterprises to avoid installing OpenClaw on office devices due to concerns about cyberattack risks and external data exposure. Despite these warnings, interest in OpenClaw remains strong in Singapore, where more than 20 community-led events focused on the platform have reportedly been held, attracting developers, entrepreneurs, and technology professionals exploring practical AI applications.

IMDA's advisory was developed in collaboration with multiple stakeholders, including the Government Technology Agency of Singapore, Cyber Security Agency of Singapore, Grab, Microsoft, and Tencent, and is based on Singapore's Model AI Governance Framework for Agentic AI released earlier in 2026. This cross-sector collaboration suggests that secure experimentation with agentic AI is becoming a priority across both public and private organizations.

The IMDA case study places OpenClaw within a broader wave of open-source agent frameworks that are rapidly gaining adoption despite their security challenges. For practitioners, the key takeaway is clear: the convenience and power of autonomous AI agents come with significant responsibility. Organizations deploying OpenClaw must implement robust governance controls, maintain human oversight, and carefully vet any third-party integrations before granting access to sensitive systems and data.