AI Agent Tool Goes Viral in China, Sparks US$36,000 Installation Boom Amid Security Warnings

An open-source AI agent called OpenClaw has recently gone viral in China, with some users claiming they earned as much as 260,000 yuan (US$36,000) offering installation services for the software, according to the Metropolis Daily.

The software rocketed to fame on GitHub, collecting 9,000 stars on its first day and surpassing 100,000 within a week, making it one of the fastest-growing open-source projects on the platform.

Since late January, downloads from China-based IP addresses have surged sharply, and the project's Chinese-language documentation now attracts more daily views than any other non-English version.

Formerly known as Clawdbot and Moltbot, OpenClaw is designed as an autonomous AI agent capable of running a computer around the clock. Once given permission, it can effectively take over a user's machine, browsing the web, drafting and sending emails, and even completing online purchases without further human input.

The hype has triggered a wave of paid installation services across Chinese social media. Posts advertise 24-hour setup and debugging support, charging about 300 yuan for remote installation and 500 yuan for in-person service.

Some fees are as high as 1,000 yuan per session, including tutorials and troubleshooting. One user said they made 260,000 yuan in just days "installing Lobster," a nickname for the tool.

A Beijing-based user shared one such experience, saying they paid 499 yuan for an on-site installation that included linking OpenClaw to Feishu and GitHub and covering a month of token usage.

The installer, a former Internet operations worker with no technical background, said he began offering the service after seeing similar posts online and now receives several orders a day.

"Most of my clients," he said, "work in film, media, finance or tech and hope to use the tool to streamline their workflows."

But the frenzy has also raised alarms over privacy and security. China's Ministry of Industry and Information Technology recently issued a warning that some OpenClaw deployments may pose significant risks if left in default or poorly configured states, potentially exposing users to cyberattacks or data leaks.

Unlike traditional chatbots, OpenClaw acts autonomously, requiring elevated system privileges. Cybersecurity experts say its persistent operation and broad access could be exploited if safeguards are weak.

According to National Business Daily, Australian firm Dvuln has shown attackers could access months of private messages, account credentials and API keys, and one user reportedly had all emails wiped after using the tool.

Concerns have also prompted precautionary bans. Several major South Korean tech firms reportedly prohibit employees from using OpenClaw on corporate devices.

An industry insider said the move is not a rejection of AI, but a measure to "eliminate the possibility that internal confidential information could be used to train external models."