-
Our Services
- AI with HKPC PICASSO
- The Cradle – Go Global Service Centre
-
New Industrialisation
- New Industrialisation
- New Productive Forces Service Platform
- Smart Production Line
- Innovation Technology and R&D
- Transformation and Upgrading
- Nurture New Industrialisation Talent
- Rules and Regulations
-
HealthTech and Traditional Chinese Medicine
- HealthTech and Traditional Chinese Medicine
- R&D service and Functional Investigation on Chinese Medicine, Health Food & Wellness product
- Compliance Consultation Service for Chinese Medicine, Pharmaceutical, Health Food and Medical Device Industries
- Manufacturing Enhancement - Automatic Intelligent System for Production and Packaging in Chinese Medicine, Pharmaceutical and Health Food Industries
- Assisting funding application for local medicine and health industrial associations
- “The Cradle” Services for Health Tech and TCM Industry
-
Smart Manufacturing
- Smart Manufacturing
-
IIOT
- IIOT
- Industrie 4.0 - Smart Enterprise
- Product Lifecycle Management Consultancy
- Intelligent Automatic Warehousing and Logistics
- Real-Time Manufacturing Tracking System
- Knowledge Based Engineering & CAD Solution
- Location Based Services and Location Analytics
- The HATCH
- Hong Kong Industrial Drone Technology Centre
- Novel Materials
-
Advanced Manufacturing Technology
- Advanced Manufacturing Technology
- 3D Scanning and Reverse Engineering Service
- Flexible Metallic Fiber Physical Porous Part Fabrication Technology
- Advanced Mould Cooling Technology and CAE Conformal Cooling Analysis
- Gas Atomisation Technology
- Dual Laser Metal Polishing Technology
- Advanced Additive Manufacturing, 3D Printing Technology, and Direct Manufacturing
- Diffusion Bonding Technology
- Electrically-Assisted Free Forming (EAFF) Technology for Customisation of Sheet Metal Parts
- Plastic Process and Machinery Technology
- Fashion and Garment Technology
- Computer Aided Technology (CAx)
- Watch Assembly Automation Technology
-
Digital Transformation
- Digital Transformation
- HKPC Digital DIY Portal
- Digital Transformation Support
- Intelligent Integrated Non-wearable and Wearable Health Monitoring System and App for Elderly Homes
- 「FitEasy」Virtual Fitting Technology - For People with Disability
- Smart Solution
- Research and Analytics
- Strategic IT Management
- Embedded Software System
- New Media and Learning Technology Development
- IT Industry Support
- DevOps Maturity Assessment and Consultancy Service
- Software Testing Automation Consultancy Service
- Blockchain Consulting Service
- Extended Reality (XR) technology and consultancy service
-
Cyber Security
- Cyber Security
- Cyber Security
- Cybers Security-by-design, Privacy and Compliance-by-default
- Design & Architecture
- Train & Develop
- Offensive Security
- Intelligent Security
- Defensive Security
- Intelligent Hardening
- Internet of Things (IoT) & Operational Technology (OT) Cyber Security Testing
- Phishing Defence Services
- Cyber Security Assessment & Audit
- Cyber Security Consultancy for i4.0 & e4.0
-
Green & Smart Living
- Green & Smart Living
- Green Technology
- Food Technology
- Smart Living
-
Corporate Sustainability
- Corporate Sustainability
- ESG and Sustainability Services
- Manufacturing Technology (Tooling, Metals & Plastics) Recognition of Prior Learning (RPL) Mechanism
- Market Research and Analytics
- Business Innovation
- Sustainability-related standards and guidance
- Organisation Innovation Capability Development
- District Innovation
- Customer Service Assessment
- Intellectual Property (IP) Protection and Management
- Support to Creative Industries
- Manufacturing Standards Consultancy Service
- Production Capacity Optimisation
- Cost of Quality
- HKPC Academy
- SME Support
- Funding
- Testing & Standards
- Venues & Facilities
-
Support & Resource
- Technology Transfer
-
Support Centres
- Support Centres
- Future Life and Health Tech Centre & Future FoodTech Lab
- Low-altitude Economy Tech Hall
- The Cradle – Go Global Service Centre
- Agentic AI and Industrial Metaverse Hall
- HKPC-HP 3D Printing Technology Centre
- Future Manufacturing Hall
- Hong Kong Technology and Innovation Support Centre
- Inno Space
- The HATCH
- Advanced Electronics Processing Technology Centre
- Green Living Laboratory
- Reliability Testing Centre
- Electromagnetic Compatibility Centre
- Plastics Technology Centre
- Smart Wearables, Watch & Clock Technology Centre
- Conformal Cooling Technology Centre
- Hong Kong Digital Testing Hub
- Hong Kong Industrial Drone Technology Centre
- Aqua Research Laboratory
- Advanced Materials and Intelligent Manufacturing Centre
- Hong Kong Joint Research Lab for Applications of Intelligent Automation Technology
- Future FoodTech Lab
- HKUST-HKPC Joint Research Lab for Industrial AI and Robotics
- Hong Kong Industrial Artificial Intelligence & Robotics Centre (FLAIR)
- Testing & Standards
- HKPC Spotlights
- About US
-
LANGUAGE
HKCERT Warns that OpenClaw's Popularity Conceals Major Cybersecurity Risks
(This image was created using generative AI and reviewed under professional human supervision.)
(Hong Kong, 12 March 2026) The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) reminds organisations that AI agent platforms with capabilities such as local device operation, installation of third-party skills, and integration with external services present a risk surface beyond that of typical conversational AI tools. When adopting such tools, organisations should simultaneously assess version-related risks, supply chain risks, and permission management arrangements, and should avoid carrying out high-risk actions suggested by the agent without proper verification. HKCERT also released the “Hong Kong Cybersecurity Outlook 2026” in January this year, identifying agentic AI as a cybersecurity risk that warrants attention in 2026.
OpenClaw has recently become a widely watched open-source AI agent platform. According to its official documentation, OpenClaw is designed to be self-hosted and can serve as a multi-channel gateway connecting messaging platforms such as WhatsApp, Telegram, Discord, and iMessage, allowing users to interact with AI agents through familiar chat interfaces. The official materials also list its key features, including persistent memory, browser control, system access, and extensibility through skills/plugins. One notable characteristic of OpenClaw is that it is not merely a conversational AI tool, but an AI agent platform that can run locally or on a server. Official information indicates that it is capable of handling file read/write operations, browser automation, media processing, and script-related tasks, while also supporting multiple models and multi-platform environments. This high degree of integration has quickly attracted attention from developers and technical communities.
As OpenClaw's popularity continues to grow, the associated security risks are increasingly coming to light. Reports indicate that malicious actors have leveraged fake GitHub repositories and Bing AI search results to distribute information-stealing malware and proxy malware to users searching for the OpenClaw Windows installer. Additional reports have pointed out that OpenClaw once had a high-severity vulnerability that could allow malicious websites to hijack developers' OpenClaw agents. Fortunately, this vulnerability was patched on February 26, 2026. This incident serves as a reminder that organisations deploying AI agent tools may face greater risk exposure if they lack adequate security oversight and control measures.
In addition to vulnerabilities within the platform itself, OpenClaw's skills ecosystem has also emerged as a new attack surface. Its official documentation shows that OpenClaw features an open-source skills registry called ClawHub, which allows users to publish "skills" scripts to extend the platform's functionality, as well as search for, install, update, and publish skills. A skill typically consists of a SKILL.md description file and related supporting files. While this open extension model accelerates feature growth, it also introduces supply chain risks associated with third-party components.
HKCERT Cybersecurity Recommendations
- Verify download sources and installation instructions
Recent cases have shown that fake GitHub repositories and search-result recommendations can be used as malware distribution channels. Users should prioritise download and installation information provided through the official website, official documentation, and official repositories.
- Update OpenClaw ASAP
Users who have already deployed OpenClaw should confirm that they have updated to the latest version to patch publicly reported high-severity vulnerabilities.
- Exercise caution when installing third-party skills
Although the platform has introduced VirusTotal scanning, reports indicate that this mechanism does not eliminate risk. Users should not trust an installation source based solely on a skill’s name, download count, description page, or apparent functionality.
- Stay alert when an agent requests high-risk actions
If an AI agent prompts users to download additional tools, paste terminal commands, install drivers, enter system passwords, or relax security restrictions, this should be treated as a high-risk event. Users should first verify whether such requests come from a trusted and necessary source before proceeding.
- Manage OpenClaw as a high-privilege automation platform
If an organisation is considering adopting OpenClaw, it should treat it as a high-privilege agent capable of interacting with local resources and external services, rather than as an ordinary chat tool. Measures such as version management, skill review, endpoint protection, and continuous monitoring should be incorporated into the organisation’s overall governance framework.
Businesses or members of the public who wish to report to HKCERT on information security related incidents such as malware, phishing, denial of service attacks, etc. can do so by completing the online form at: https://www.hkcert.org/incident-reporting, or calling the 24-hour hotline at +852 8105 6060. For further enquiries, please contact HKCERT at hkcert@hkcert.org.
- Ends -
FOLLOW US
SUBSCRIBE TO OUR NEWSLETTERS
Share the latest information of HKPC to your inbox