Recently, a “lobster” has taken the financial world by storm. This is OpenClaw, an AI agent named for its lobster-like icon. In the past few days, numerous securities firms’ quantitative research teams have been busy releasing operation guides and holding sharing sessions, attracting a record number of applicants, including clients from public and private funds, insurance asset management companies, and listed corporations.
Unlike cloud-based large models, OpenClaw operates entirely locally, possessing system permissions equivalent to the user. It can function like a digital butler, handling emails, writing code, and even automatically shopping online. However, for investment research professionals, its most compelling feature is the potential to liberate them from tedious daily tasks. For investors, the more noteworthy aspect is whether this opens a new window of investment opportunity.
Just as this “gold rush” fervor was building, the National Computer Network Emergency Response Technical Team/Coordination Center of China issued a risk warning about OpenClaw’s security on March 10th. For critical sectors like finance and energy, it could lead to leaks of core business data, trade secrets, and code repositories, and could even paralyze entire business systems, causing immeasurable losses.
Simultaneously, multiple financial institutions internally sounded the alarm, issuing memos highlighting the potential cybersecurity risks of OpenClaw and strictly prohibiting its installation and use on company devices, sounding a cautionary note amidst the technological frenzy.
The value chain of investment research typically consists of three parts: information processing, research production, and decision support. In the past, researchers spent a huge amount of energy on low-value, repetitive tasks like data cleaning, announcement sorting, and report formatting. For example, in event-driven or fundamental research, teams had to manually open, read, extract, and summarize a massive number of announcements daily.
OpenClaw directly addresses this pain point. Based on conversational interaction, it can automatically run a complete workflow: daily announcement capture, classification and identification, key information extraction, and output of structured results. The system first checks dates and data availability, then captures titles for initial screening, concurrently parses PDF content, extracts figures, entities, event statuses, and key sentence summaries. Finally, it prioritizes results by business value, generating Excel summaries and message texts ready for use in morning meetings, real-time trading, or post-market reviews.
This is the fundamental difference between OpenClaw and traditional AI tools. According to a research report from Sinolink Securities, while traditional agent tools are simpler than coding, they still require users to manually design every step of the workflow. OpenClaw automates the chaining of these tools, completing process design and scheduled execution simply through dialogue.
In tests conducted by Founder Securities’ quantitative team, OpenClaw demonstrated high efficiency and completion rates in several professional financial scenarios: integrating with financial data interfaces like Tonghuashun, RICE, and Wind; constructing classic PB-ROE stock selection strategies and “cup with handle” pattern strategies; and even achieving fully automated factor mining and backtesting.
A report from Zheshang Securities stated that OpenClaw’s value in investment research essentially frees people from the manual labor of information processing, allowing them to focus more on strategic innovation, complex judgment, and value creation. “For active investment researchers, it’s a lever for efficiency; for quantitative researchers, it’s an accelerator for strategy; for individual investors, it’s a tool for capability equalization,” the report noted.
Security “Clamp”: The hidden dangers behind the frenzy
However, “raising a lobster” is not without risks. Several quantitative research teams from securities firms have pointed out OpenClaw’s technical flaws. For instance, the problem of large model “hallucinations” persists; the AI’s outputs can be inconsistent or erroneous under different timing or prompts, and model iterations or new feature developments could also lead to different conclusions.
But the most concerning issue is the security risk. A report from Soochow Securities indicated that OpenClaw is still in its early stages, with an immature ecosystem, controversial permission designs, and fuzzy security boundaries. The quality of third-party “Skills” (modules supporting OpenClaw execution, akin to “plugins”) is uneven, and some might even contain malicious code. A Sinolink Securities report also warned that OpenClaw possesses extremely high system permissions, capable of accessing all files on a computer. If users subsequently need to expose OpenClaw to the public network, strict restrictions on its permissions are mandatory.
Recently, several securities firms have urgently issued internal memos, clearly warning about the security risks of OpenClaw. Some notifications stated that OpenClaw presents risks such as blurred trust boundaries, permission abuse, and leaks of core information. It could easily be induced to perform unauthorized operations or maliciously taken over, seriously threatening the company’s network and information security. Some firms explicitly prohibit employees from installing or using OpenClaw on any company-issued assets like computers and servers. They also require that if employees install the program on personal devices, those devices must not connect to the company network, and must have legitimate antivirus software installed and kept updated.
The “Gold Rush” begins: Who’s selling the shovels?
“The recent surge in market attention on OpenClaw has led to significantly more institutional clients signing up for our investment research application training sessions than ever before. Participants mainly include investment institutions like public funds, private funds, securities firms’ proprietary trading desks, and insurance asset managers, along with some corporate clients,” revealed Wei Jianrong, Deputy Director of the Research Institute and Head of Financial Engineering at Kaiyuan Securities, to a Shanghai Securities News reporter. “Investors are generally focused on the practical application of new technologies and their value for investment research.”
Looking back, every wave of technological change creates two types of opportunities: one for the users of the tool, and another for the “shovel sellers” – those providing the infrastructure and services for the tool. OpenClaw’s open-source nature means it isn’t a commercial product itself, but the demand derived from it is fermenting.
First, as more people start “raising lobsters”, computing power demand will surge. Data from an Industrial Securities report shows that, driven by the OpenClaw craze, from March 2nd to March 8th, 2026, three of the top five models by call volume on the OpenRouter platform came from Chinese manufacturers, collectively accounting for 65% of the Top 5’s total calls and consuming approximately 13.7T tokens, a significant year-over-year increase. OpenClaw is evolving from a single open-source project into an industry-level engine driving hardware upgrades and cloud service restructuring. The structural shift in computing power demand it triggers will reshape the competitive landscape of AI infrastructure, with CPU concurrency scheduling capabilities and unified memory architecture becoming new core competencies.
The flip side of risk is also opportunity. The potential security hidden dangers, permission management challenges, and variable quality of third-party skills during OpenClaw’s operation precisely outline a service market taking shape. A Guolian Minsheng Securities report suggests that enterprise-level OpenClaw implementation needs to overcome three major hurdles: knowledge fusion, security sandboxing, and business system APIs. Cloud vendors, by offering customized AI work platforms, security protection, and persistent storage, have the potential to widen profit margins.
“We’ve observed that many clients have needs for assisted deployment,” Gao Zhiwei, Chief Analyst of Financial Engineering at Sinolink Securities, told reporters. He explained that OpenClaw represents a class of agent frameworks with stronger execution capabilities. The beneficiaries around it, such as cloud deployment and security services, indeed have industrial parallels. “No company would easily let an agent access files, financial systems, or trading systems. This will require more security software and antivirus solutions to emerge.” However, he believes that domestic computing power and related industrial chains are accelerating development, and overall, the situation is improving positively.