China Bans OpenClaw From Banks and State Agencies After Second Security Alert

ClawHosters by Daniel Samer

On March 6, nearly 1,000 people lined up outside Tencent's Shenzhen headquarters with laptops and hard drives, waiting to get OpenClaw installed for free. Five days later, China's government told state employees to uninstall it.

That's the China OpenClaw ban story in a nutshell. And it's wilder than it sounds.

What CNCERT Actually Said

China's CNCERT/CC issued a formal security advisory on March 10, 2026. This was the second national-level warning in five weeks, following the NVDB's initial alert on February 5.

The advisory flags four threat categories:

  • Prompt injection attacks where malicious web content hijacks local agents

  • Misoperation risks (one documented case had an agent spam hundreds of iMessages)

  • Malicious plugins from ClawHub's marketplace

  • Known CVEs, including 8 critical vulnerabilities among the 512 total found in a January audit

One cybersecurity researcher called it a "lethal trifecta": broad private data access, the ability to communicate externally, and exposure to untrusted content. That combination is particularly dangerous in regulated environments.

The Ban Itself

Bloomberg reported on March 11 that state agencies, state-owned enterprises, and China's largest banks received internal notices to ban or restrict OpenClaw on office devices. Some institutions extended the restriction to personal phones connected to company networks.

But here's what the ban is not: a nationwide prohibition. Private sector use and individual installations remain unrestricted. Some agencies require prior approval rather than a full uninstall.

The Subsidy Paradox

This is the part that probably confuses people most.

The same week regulators told banks to remove OpenClaw, local governments in Shenzhen and Wuxi launched subsidy programs to attract OpenClaw developers. Shenzhen's Longgang District is offering up to 2 million yuan per project. Wuxi's Hi-Tech District goes even higher, up to 5 million yuan.

And on March 11, the day Bloomberg broke the ban story, Premier Li Qiang publicly called for AI agents' "large-scale commercial application".

So China isn't anti-OpenClaw. It just doesn't want state secrets flowing through software with 40,000+ vulnerable instances exposed to the internet, 60% of which have exploitable vulnerabilities.

What CNCERT Recommends

CNCERT's specific guidance reads like a managed hosting checklist: container isolation, network access controls, identity authentication, verified plugin sources, and no public port exposure.

If you're self-hosting OpenClaw, that's your to-do list. If you'd rather not manage all of that yourself, our security hardening guide covers the basics, and the ClawHosters Safety Scanner can check your instance for known vulnerabilities. Or you can check our managed hosting plans where we handle all of this from day one.

Frequently Asked Questions

No. The restrictions apply to government agencies, state-owned enterprises, and state-run banks. Private companies and individuals can still use OpenClaw freely. Some agencies only require prior approval rather than a complete uninstall.

CNCERT identified four risk categories: prompt injection attacks, misoperation risks, malicious plugin poisoning, and exploitation of known CVEs. A January 2026 audit found 512 vulnerabilities total, with 8 classified as critical.

Yes. CNCERT recommends container isolation, network controls, and identity authentication. These are standard features in managed OpenClaw hosting. Self-hosted instances running on open ports without these protections are what regulators flagged as dangerous.
*Last updated: March 2026*
