After the "Lobster" Installation Boom Fades, Training and Uninstallation Services Rise

¥499 to install OpenClaw, ¥299 to uninstall. The internet platform has sparked a wave of “lobster” uninstallation services, and the first batch of on-site uninstallers has appeared.

On second-hand platforms, OpenClaw uninstallation costs range from ¥9.9 to ¥299. On March 11, a seller told The Paper Tech that there are multiple deployment methods for “lobsters,” each with different uninstallation and cleaning procedures. The ¥299 price includes removing the lobster itself and cleaning the environment, ensuring a “thorough uninstall.”

OpenClaw uninstallation services on second-hand platforms.

Ruo Xuan, co-founder of Shenzhen Yuanshi Intelligent Co., Ltd. (RWKV Yuanshi Intelligent), told The Paper Tech that it’s not yet the time for everyone to have a “lobster.” Recently, there has been a surge of OpenClaw training, financial speculation, and even pyramid schemes, which require careful discernment.

After the installation boom subsides, uninstallation and training services are rising

From installation and training to uninstallation, the “lobster” business on internet platforms has formed a “closed loop.”

On social media, some users offer OpenClaw uninstallation services. For those who have installed “lobsters” but don’t know how to use them, consume too many tokens daily, or worry about privacy leaks, these users provide on-site uninstallation for ¥299 and remote uninstallation for ¥99, with tags like “safe, clean, residue-free, and guaranteed after-sales.”

OpenClaw uninstallation services on social media.

“Once you learn how to use OpenClaw, you often get more and more addicted because it can really help with many practical tasks. Unlike large models, OpenClaw has memory capabilities and can install various skill packs, just like a newly bought iPhone, where you keep exploring different apps,” said Tian Feng, director of the Fast and Slow Thinking Institute and former founding director of SenseTime’s AI Industry Research Institute. Of course, not everyone can successfully “raise lobsters.” Users often stop due to improper initial installation, concerns over security vulnerabilities, or the complexity and accuracy of task completion not meeting expectations.

Besides installation and uninstallation, individual sellers on second-hand platforms also offer “from beginner to expert” OpenClaw tutorials priced at ¥8.88. The courses include comprehensive tutorials from beginner to intermediate, intermediate to advanced, four core skills and practical guides, and tips on reducing token consumption by 72% with memory plugins. Another ¥99 OpenClaw training camp promises “seven days of systematic training with four coaches guiding throughout,” teaching “side hustle monetization ideas” to help consumers “capitalize on AI era opportunities.”

OpenClaw tutorials on second-hand platforms.

Tian Feng said that as this round of “lobster installation” boom gradually fades, the training market around OpenClaw will rapidly grow. Various “lobster” training programs are expected to emerge, such as how to use OpenClaw for sales, customer marketing, or legal document review. For non-technical users, proper training is essential to get started.

Ruo Xuan also told The Paper Tech that it’s not yet the time for everyone to have a “lobster.” Recently, a large number of OpenClaw training, financial speculation, and even pyramid schemes have appeared, and “all kinds of experts and monsters are out there—be careful to tell them apart.”

Security concerns highlighted

As OpenClaw becomes more popular, security experts have issued warnings about its safety.

According to tech media CNET, because the agent is designed to run locally and interacts with emails, files, and credentials, even minor misconfigurations can lead to serious consequences. Early in its development, researchers found many publicly accessible deployments without authentication, exposing API keys, chat logs, and system access to anyone who discovered them. Recently, security firm Censys identified 21,639 exposed instances, mainly in the US, China, and Singapore.

Some more prominent security issues are not purely technical but social. CNET reports these include fake Clawdbot/Moltbot/OpenClaw downloads and hijacked accounts used to spread malware or scams. Security company Koi Security identified 341 malicious “skills” among about 3,000 available in the ClawHub software directory. While developers quickly patched specific vulnerabilities, security analysts say OpenClaw highlights a larger problem— as AI agents become more autonomous and powerful, security risks are also increasing.

Roy Akerman, head of cloud and identity security at Silverfort, said that the risk of tools like OpenClaw isn’t that they are obviously malicious, but that they continue to operate under legitimate human identities, blurring the line between users and machines acting on their behalf.

“When AI agents continue to act using a user’s credentials after the user logs out, they become a hybrid identity, and most security controls are not designed to recognize or manage this kind of identity,” Akerman explained. Enterprises shouldn’t outright ban these tools but need to change their approach—treat autonomous agents as identities, restrict their permissions, and monitor their behavior continuously, not just logins.

A former official from Zhongguancun Kejin Technology told The Paper Tech that for the general public, OpenClaw remains a high-threshold, high-cost AI toy. For enterprises, it’s still far from stable and reliable productivity tools. In the enterprise market, stability and reliability are critical. OpenClaw’s capabilities heavily depend on the chosen large model, which lacks stability and has system-level permissions that, if misconfigured, could pose data risks. It’s far from a reliable consumer product. “Some ‘one-person companies’ have had their APIs leaked and their credit cards flooded, and some malicious actors use OpenClaw’s autonomous execution to send spam or carry out scams.”

Ministry of Industry and Information Technology’s “Six Do’s and Six Don’ts” safety advice

To prevent security risks associated with open-source OpenClaw agents, the Ministry of Industry and Information Technology’s cybersecurity threat and vulnerability information sharing platform has issued “Six Do’s and Six Don’ts” safety guidelines and uninstallation instructions.

The platform recommends: first, use the latest official version. Download the latest stable version from official channels, enable automatic update alerts, back up data before upgrading, restart services after upgrading, and verify patches. Do not use third-party or outdated versions.

Second, strictly control internet exposure. Regularly check for internet-facing instances and take them offline immediately if found. Do not expose “lobster” agents to the internet; if internet access is necessary, use encrypted channels like SSH, restrict access sources, and use strong passwords, certificates, or hardware keys for authentication.

Third, follow the principle of least privilege. Grant only the minimum permissions necessary for tasks, and double-check or manually approve critical operations like deleting files, sending data, or modifying system settings. Preferably run in containers or virtual machines to isolate permissions. Do not deploy with administrator privileges.

Fourth, be cautious with skill marketplace downloads. Carefully review code before installing ClawHub “skill packs.” Avoid skill packs that require “download ZIP,” “execute shell scripts,” or “enter passwords.”

Fifth, prevent social engineering attacks and browser hijacking. Use browser sandboxes, web filters, and extensions to block suspicious scripts, enable audit logs, and disconnect from the network or reset passwords if suspicious activity occurs. Avoid visiting unknown websites, clicking unfamiliar links, or opening untrusted documents.

Sixth, establish long-term protection mechanisms. Regularly patch vulnerabilities, stay updated with official security alerts, and monitor risk warnings from platforms like the Ministry of Industry and Information Technology’s vulnerability database. Government agencies, enterprises, and individuals should use security tools and antivirus software for real-time protection and promptly address security risks. Do not disable detailed logging and auditing.

Uninstallation instructions from the platform:

Open the terminal and execute:

openclaw uninstall

Use the mouse to move the cursor up and down, press the spacebar to select all options, then press Enter to confirm.

Choose “yes” and press Enter; this will automatically delete OpenClaw’s working directory.

To uninstall npm packages:

1. For npm:

npm rm -g openclaw

2. For pnpm:

pnpm remove -g openclaw

3. For bun:

bun remove -g openclaw

Reporter: Zhang Jing