What do banking professionals think of OpenClaw amid the "Lobster Farming" craze?

Since March, the open-source AI agent OpenClaw (commonly nicknamed “Lobster” in the industry due to its red lobster icon) has become popular in the global tech community.

This intelligent agent, capable of directly controlling computer terminals based on natural language commands and autonomously performing complex tasks such as file management and data processing, has attracted widespread attention for its low barrier to entry and high autonomy, sparking a “全民养虾” (nationwide “raising lobsters”) craze.

However, the prospects for OpenClaw’s implementation in the banking industry face very different “cold realities.” Sina Financial Research Institute has learned from multiple financial industry professionals that, in the face of the application boom of open-source intelligent agents like OpenClaw, most financial institutions are adopting a wait-and-see approach and have not yet deployed large-scale operational implementations.

Meanwhile, from the National Cybersecurity Emergency Response Center to industry self-regulatory organizations, multiple risk alerts have been issued, further warning the financial sector of potential dangers associated with “raising lobsters.”

Nationwide “Raising Lobsters” Fever

What Do Bankers Think?

A person from the Fintech department of a large state-owned bank in East China told Sina Financial Research Institute that the bank has not yet deployed any OpenClaw-related tools internally. Employees are strictly prohibited from building or deploying open-source intelligent agents like OpenClaw on their work terminals, or inputting sensitive information such as customer data and transaction details into these agents or their processing chains.

He also revealed that employees of the bank’s technology subsidiary have recently been paying close attention to and discussing the application of OpenClaw. The bank itself has not banned employees from testing these tools on personal devices for non-business purposes.

In his view, the core technological features of OpenClaw have the potential to improve efficiency. Its intelligent layer can flexibly adapt to mainstream large language models like Gemini, GPT, Deepseek, and Qwen, both domestically and internationally. Additionally, its persistent memory system can enable long-term personalized adaptation.

Global large model compatibility assessment for OpenClaw, source: PinchBench platform

“OpenClaw can also simulate system-level operations such as mouse clicks and keyboard inputs, enabling complex tasks across different software and platforms. If integrated into product development and operational support through compliant modifications, it could potentially enhance work efficiency,” he said. The ability to perform cross-platform system-level operations requires higher system call permissions, which naturally raises security concerns—this is the core reason why banks remain cautious.

A person involved in corporate banking at a joint-stock bank told Sina Financial Research that the bank explicitly prohibits deploying any external intelligent agent tools on work terminals without internal approval. She believes that widespread adoption of OpenClaw in the banking industry is highly unlikely.

“Compared to other industries, banks handle vast amounts of core customer identity information, transaction records, and fund data. For reasons of data security, compliance, and industry risk control, it’s unlikely they will directly use such open-source intelligent agents,” she said.

Non-bank financial institutions are also cautious. An employee from a joint-venture public fund company’s compliance team said the company will not follow the trend of “raising lobsters” in the short term. “Currently, licensed financial institutions generally do not directly use open-source intelligent agents like this.” She added that while future applications are not entirely impossible, any deployment would require internal privatized deployment and full-process compliance restructuring.

Foreign financial professionals also remain highly alert to related risks. A trader at a Hong Kong brokerage told Sina Financial Research Institute that their company has not issued any specific bans on OpenClaw, but almost no employees deploy the agent on work devices. “After all, if data leaks or other issues occur, individuals will have to bear responsibility.”

This trader mentioned that OpenClaw has been disclosed by multiple cybersecurity agencies to have several medium- and high-risk security vulnerabilities. In financial trading scenarios, these vulnerabilities could be exploited by attackers to steal trading keys, account information, and other sensitive data, posing significant data compliance and operational risks. Additionally, OpenClaw’s built-in persistent memory continuously stores various data encountered during operation, with access scope and retention periods that can easily exceed business needs.

Multiple Official Warnings on Risks

Security Is the Biggest Bottleneck

The application of OpenClaw in financial scenarios involves multiple serious security risks, prompting recent official warnings.

On March 10, the National Cybersecurity Emergency Response Center issued a risk alert regarding the safe use of OpenClaw, clearly stating that under default or improper configurations, the intelligent agent can easily trigger network attacks, information leaks, and other security issues.

On March 11, the Cybersecurity Threat and Vulnerability Information Sharing Platform of the Ministry of Industry and Information Technology published the “Six Do’s and Six Don’ts” advice for preventing security risks associated with OpenClaw (“Lobster”). It specifically addressed risk points and response strategies in financial transaction scenarios, emphasizing the high risk of errors and account hijacking, and recommending network isolation, least privilege access, manual review and circuit breaker mechanisms, and full-chain audit and security monitoring.

On March 15, the China Internet Finance Association issued a specific risk warning on the security of OpenClaw’s application in the internet finance industry. The association pointed out that the online and digital nature of internet finance involves handling highly sensitive customer funds, assets, accounts, and personal financial data. The default high system permissions and weak security configurations of OpenClaw make it a prime target for attackers to steal sensitive data or manipulate transactions illegally.

Under these multiple risks, industry experts generally believe that OpenClaw is unlikely to enter core financial operations in the short term.

Everbright Bank, in its March 15 financial consumer protection special report, highlighted that the core security risk of OpenClaw stems from its uncontrollable permissions. Deployed locally on computers, it has the highest level of access to the operating system. If permissions are misused or accidentally triggered, it could cause serious system-level security incidents. Moreover, due to its design limitations, OpenClaw has significant data storage security vulnerabilities, leaving sensitive user information unprotected. Additionally, security management issues with ClawHub and inherent flaws in current large models greatly expand attack surfaces and elevate risks.

Puyang International, in related research reports, warned that security remains the biggest bottleneck for OpenClaw. Its default high-permission operation mode and ambiguous trust boundaries make it highly susceptible to malicious exploitation. The official skill marketplace ClawHub also faces serious supply chain security issues, with many malicious skills capable of stealing credentials or implanting Trojans. Prompt injection has become a native AI threat, capable of inducing AI to perform unauthorized operations via web pages, emails, and other vectors.

Cautious Observation Does Not Equal Rejection of AI

Embedding Intelligent Agents Will Be the Future Trend

The cautious stance and regulatory guidance of the financial industry align with the development of AI. The People’s Bank of China, in its 2026 Technology Work Conference, explicitly called for actively and prudently advancing AI applications in finance, aiming to unleash digital and intelligent development momentum.

It’s important to note that the industry’s “cooling” attitude does not mean rejection of AI technology itself.

Ding Wei from China Construction Bank’s Office wrote in an article published on Tsinghua Financial Review on March 10 that OpenClaw has achieved a paradigm shift from “dialogue AI” to “execution AI,” showing an early prototype of a “general AI assistant.”

Regarding the feasibility of deploying OpenClaw in finance, Ding Wei pointed out that the current application still faces many challenges. First, the intelligent agent framework cannot resolve the inherent flaws of large models. In practice, reports using OpenClaw with mainstream large models—even when connected to verify facts—still contain errors, incorrect citations, or fabricated sources. Second, the execution of the intelligent agent is highly uncertain and uncontrollable; multiple test cases have shown that agents sometimes do not follow instructions, delete or send files incorrectly, and cannot be stopped by human commands. Third, the multi-agent collaboration framework of OpenClaw also has many issues; security audits by research institutions have identified hundreds of vulnerabilities.

Despite these challenges, Ding Wei believes that the technological approach represented by the new generation of intelligent agent frameworks like OpenClaw has been widely accepted by the industry. As the capabilities of large models slow down, embedding intelligent agents and transforming business processes will remain the main trend in AI applications in finance.

Zeng Gang, chief expert and director of the Shanghai Financial and Development Laboratory, stated that the “nationwide raising lobsters” phenomenon marks an important stage where AI moves from chat assistants to “executable agents.” For the financial industry, he advocates an attitude of “open exploration and cautious implementation.” He emphasized that for open-source intelligent agents to truly enter core financial scenarios, three key issues must be addressed: 1) interpretability and auditability to meet regulatory requirements for decision traceability; 2) data security and isolation mechanisms to prevent sensitive financial data from external access; 3) stability and clear responsibility boundaries, ensuring that when errors occur, there are mechanisms for risk control and accountability.

Looking ahead, Zeng Gang believes that future financial AI development may focus on multi-agent collaboration, “AI-native finance,” and RegTech (regulatory technology). Overall, financial institutions should seize the technological opportunities brought by the open-source ecosystem while maintaining prudent governance. Only after establishing comprehensive security and governance systems can they gradually validate and deploy AI in low-risk, non-core scenarios.