
OpenClaw March 2026 — China Bans Government Agencies from Using AI Agent
27 March

March 2026 was a month when OpenClaw — the open-source AI Agent with over 280,000 GitHub Stars — made headlines once again after the Chinese government banned government agencies and state-owned banks from using OpenClaw on work computers due to cybersecurity concerns. At the same time, the OpenClaw ecosystem was found to contain more than 820 fake Skills embedded with Malware. This article summarizes all the key news, along with lessons for government agencies and organizations worldwide.

Quick Summary — 5 Key Stories from OpenClaw March 2026:

  1. China bans government agencies + state-owned banks from installing OpenClaw
  2. 820+ fake Skills with embedded Malware found on ClawHub (up from 324)
  3. ClawHub Marketplace launches as the default Plugin Store
  4. Versions 3.22-3.24 patch 30+ security vulnerabilities
  5. Tencent launches AI Suite on OpenClaw with WeChat integration

1. China Bans OpenClaw in Government Agencies — Why the Concern?

On March 11, 2026, Bloomberg reported that the Chinese government had ordered government agencies, state-owned enterprises, and state banks to ban the installation and use of OpenClaw on work devices. Multiple agencies were notified to:

  • Prohibit installation of OpenClaw and related software on office computers
  • Report to supervisors if already installed, for inspection and removal
  • Prohibit AI Agents that access internal government system data

3 Primary Reasons Behind China's Ban

| # | Risk | Details |
|---|------|---------|
| 1 | Supply Chain Attack | OpenClaw relies on community-developed Plugins/Skills, which can easily be embedded with Malware or Backdoors — as proven by the discovery of 820 fake Skills |
| 2 | Data Exfiltration | AI Agents access files, calendars, emails, and local data — if compromised, classified government data could be leaked |
| 3 | Weak Default Security | China's CERT stated that OpenClaw has "extremely weak default security configuration" — attackers can embed commands in Web Pages or Plugins to gain system access |

"Beijing is sounding alarms about supply chain attacks, data access, and the risks of agentic AI inside government systems."

— Tom's Hardware, 12 March 2026

But China Didn't Ban Everything — A "Ban in Government, Support in Private Sector" Strategy

Interestingly, while the central government banned OpenClaw in government agencies, local governments in Shenzhen and Wuxi were subsidizing companies that build products on OpenClaw, revealing a clear dual strategy:

  • Banned in government systems — due to state data security risks
  • Encouraged in the private sector — to capture the economic benefits of AI Agents

Fast Company described this strategy as "capture the economic upside of agentic AI while keeping it out of the party-state's own bloodstream."

What Thai government agencies should learn:

While Thailand has not yet issued an official ban on OpenClaw, ThaiCERT issued a warning as early as February 2026 that OpenClaw's security risks call for caution. Agencies handling sensitive data (financial records, personnel data, national security information) should assess risks before allowing staff to use any AI Agent (read more: Cybersecurity for ERP — Threats Every Organization Must Know).

2. Fake Skills with Embedded Malware — From 324 to 820

OpenClaw's security issues extend beyond the framework itself into its Plugin ecosystem (called "Skills"). Researchers from Koi Security found that:

| Number | Details |
|--------|---------|
| 10,700 | Total number of Skills on ClawHub |
| 820+ | Number of malicious Skills (up from 324 just weeks earlier) |
| 1,467 | Number of Skills removed from ClawHub after detection |

What Do Fake Skills Actually Do?

The malicious Skills employed sophisticated tactics:

  • Used trustworthy-sounding names such as "solana-wallet-tracker" or "productivity-assistant" with professional-looking documentation
  • Installed Keyloggers on Windows — recording every keystroke including passwords
  • Installed Atomic Stealer on macOS — stealing Passwords, Cookies, and Crypto Wallets
  • Stole OpenClaw Config files — obtaining all Encryption Keys + Credentials

ClawHub vulnerability exploited in attacks:

Researchers from Silverfort reported (March 16, 2026) that they discovered a vulnerability in ClawHub that allowed attackers to fake Download counts to push malicious Skills to the #1 ranking, misleading users into thinking they were popular Skills. The OpenClaw team patched the issue within 24 hours of receiving the report.

How Did ClawHub Respond?

After the issues were discovered, ClawHub took action:

  1. Removed 1,467 malicious Skills
  2. Added Automated Scanning for automatic Malware detection
  3. Launched Author Verification Badge to verify developer identity
  4. Enforced Code Signing for newly uploaded Skills

While the situation has improved, it is not yet 100% safe — organizations must verify every Skill before installing it, every time (read more: Two-Factor Authentication — Why Every Organization Needs It).

3. OpenClaw v2026.3.22-3.24 — Major Updates

In March, OpenClaw released three significant version updates, with v2026.3.22 being the largest update in months:

| Version | Date | Key Highlights |
|---------|------|----------------|
| v2026.3.22 | Mar 22 | ClawHub Marketplace, Sub-Agent, Multi-Model, 12 Breaking Changes, 30+ Security Patches |
| v2026.3.23 | Mar 23 | Stabilization: Bug fixes from 3.22, Plugin SDK improvements, new Qwen Provider |
| v2026.3.24 | Mar 24 | Slack + Microsoft Teams Integration, OpenWebUI Sub-Agent, OpenAI API improvements |

Key Features from v2026.3.22

  • ClawHub as Default Plugin Store — When running openclaw plugins install, it searches ClawHub first, then falls back to npm if not found
  • Sub-Agent + Multi-Model — The main Agent can call sub-Agents using different LLMs, e.g., the main Agent uses GPT-5.4 while a sub-Agent uses Claude Opus 4.6
  • /btw Side Conversation — A new command for off-topic conversations with the Agent without disturbing the main Context
  • Faster Gateway Cold Start — Reduced from several minutes to just seconds
  • GPT-5.4 Support with 1 million Token Context Window
  • Memory Hot Swapping — Switch Memory Modules without restarting the Agent

4. Tencent Launches AI Suite on OpenClaw + WeChat

On March 10, 2026, Tencent announced the launch of an AI Products Suite built on OpenClaw that can be used through WeChat — the Super App with over 1.3 billion users.

Engineers from Tencent Cloud helped everyday users — from students and retirees to office workers — deploy OpenClaw more easily, reflecting how AI Agents are now reaching the general public, no longer limited to developers alone.

5. GitHub Stars Surpass 280,000 — Unstoppable Growth

From 247,000 Stars at the beginning of March, OpenClaw now has over 280,000 Stars (some reports cite up to 330,000), making it one of the fastest-growing open-source projects in GitHub history (read more: What is OpenClaw? — The Open-Source AI Agent Everyone is Talking About).

Lessons for Organizations and Government Agencies

China's ban on OpenClaw reflects a challenge that every organization worldwide is facing — AI Agents are incredibly useful, but they come with risks that must be managed:

| # | Action Required | Details |
|---|-----------------|---------|
| 1 | Define an AI Agent Policy | Clearly define which AI Agents are allowed/prohibited, who has installation rights, and what data types are off-limits for AI access |
| 2 | Verify Every Plugin/Skill | Never install Skills from ClawHub without verification — always check the Author Verification Badge, review Source Code, and read Reviews first |
| 3 | Isolate the AI Agent Network | If an AI Agent is compromised, it must not be able to directly access the ERP system, databases, or internal network |
| 4 | Update to the Latest Version | Version v2026.3.24 includes 30+ Security Patches — if you are still using a version older than 3.22, update immediately |
| 5 | Monitor Activity Logs | Enable logging for all AI Agents and regularly review for abnormal behavior |
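
One way to turn actions 2 and 4 of the table into an automated check over an endpoint inventory, as an added example (not OpenClaw's code and not from the original article): it flags installs older than v2026.3.22 and any Skill that is missing from an internally reviewed allowlist or whose archive digest differs from the reviewed copy. The inventory record layout, the host names, the `calendar-sync` Skill and the sample version `v2026.3.10` are constructed assumptions.

```python
import hashlib
import re

# The article advises updating any install older than v2026.3.22.
MIN_VERSION = (2026, 3, 22)

def parse_version(text):
    """Turn 'v2026.3.24' into (2026, 3, 24); reject anything else."""
    m = re.fullmatch(r"v?(\d{4})\.(\d{1,2})\.(\d{1,3})", text.strip())
    if m is None:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def audit_host(record, allowlist):
    """Return policy findings for one inventory record (empty list = compliant)."""
    findings = []
    try:
        if parse_version(record["version"]) < MIN_VERSION:
            findings.append("outdated-version")
    except ValueError:
        findings.append("unknown-version")  # fail closed on unparseable input
    for name, archive in sorted(record["skills"].items()):
        pinned = allowlist.get(name)
        if pinned is None:
            # A plausible name or a high download count is not evidence of review.
            findings.append(f"unreviewed-skill:{name}")
        elif sha256_hex(archive) != pinned:
            findings.append(f"digest-mismatch:{name}")
    return findings

def audit_fleet(inventory, allowlist):
    """Map host name -> findings, listing only hosts that violate policy."""
    report = {r["host"]: audit_host(r, allowlist) for r in inventory}
    return {host: f for host, f in report.items() if f}

# --- Constructed sample data (hypothetical hosts, Skill bytes and layout) ---
REVIEWED = b"constructed bytes standing in for a reviewed Skill archive"
ALLOWLIST = {"calendar-sync": sha256_hex(REVIEWED)}  # hypothetical Skill name
INVENTORY = [
    {"host": "ws-01", "version": "v2026.3.24", "skills": {"calendar-sync": REVIEWED}},
    {"host": "ws-02", "version": "v2026.3.10",  # constructed older version
     "skills": {"productivity-assistant": b"constructed unreviewed archive"}},
    {"host": "ws-03", "version": "v2026.3.22",
     "skills": {"calendar-sync": b"constructed modified archive"}},
]

print(audit_fleet(INVENTORY, ALLOWLIST))
```

Pinning the digest of the reviewed archive, rather than the Skill name, is what catches a look-alike or silently replaced package.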

When China — the country with the highest OpenClaw adoption — has to ban it from government agencies, that is a clear signal that every organization needs an "AI Agent Policy." It is not enough to simply "adopt because it is free and trending" — you must evaluate whether it is appropriate for your organization's security level.

— Saeree ERP Team

For organizations seeking a secure ERP system without Open-Source Supply Chain risks, consider Saeree ERP — developed by a Thai team with internationally-standardized security, and all data stays in Thailand, never exported overseas (read more: Disaster Recovery for Critical Systems and SQL Injection and Prevention).


About the Author

Paitoon Butri

Network & Server Security Specialist, Grand Linux Solution Co., Ltd.