Singapore’s Infocomm Media Development Authority released its first official advisory on OpenClaw deployment on May 14, warning organizations against creating single “all-powerful” agents with unrestricted access to files and applications. The guidance also recommends against running OpenClaw on personal devices containing sensitive data, and urges enterprises to review any OpenClaw implementations in core production and financial systems.

What the Advisory Recommends

IMDA’s core recommendation is architectural: deploy multiple agents with narrow, clearly defined roles rather than a single agent with broad access. A calendar scheduling agent should be separate from a coding assistant. The agency also recommends device segregation, keeping agents off machines that hold sensitive information, and implementing human approval workflows for high-stakes or irreversible actions.

On identity management, IMDA calls for creating unique accounts for each agent rather than letting them reuse personal credentials. All agent actions should be logged to a persistent directory. “Managed identity for agents should be recognised as a foundational control layer, particularly as agents increasingly act as proxies for human users across systems,” the advisory states, according to The Straits Times.

The Security Numbers

As of April 2026, more than 400 vulnerabilities and exposures related to OpenClaw have been reported on intelligence platform OpenCVE. Roughly a quarter of those were classified as “highly severe,” meaning they could lead to major damage such as data theft, according to IMDA.

The advisory highlights several specific risk vectors. By default, OpenClaw inherits the privileges of the user account that installs it, giving it access to any file that user can reach. When connected to Slack, it may accept instructions from any channel participant without added authentication. And skills downloaded from ClawHub, while a key driver of OpenClaw’s capabilities, “may not have gone through rigorous testing and may contain malicious instructions.” IMDA cited reports of the Atomic macOS Stealer malware being distributed as fake OpenClaw skills disguised as YouTube video downloaders and cryptocurrency wallet trackers.

Who Built the Framework

The advisory draws on IMDA’s Model AI Governance Framework for Agentic AI, released in January 2026, and technical input from Singapore’s Government Technology Agency, the Cyber Security Agency, Grab, Microsoft, and Tencent. That coalition reflects Singapore’s broader approach to AI governance: building frameworks through public-private collaboration with companies that have direct deployment experience.

Singapore has seen more than 20 community-led OpenClaw events, drawing developers and entrepreneurs interested in real-world use cases. The advisory is positioned not as a ban but as a set of operational guardrails. “The aim is not to avoid such tools but to use them with clear limits, accountability and safeguards,” IMDA said.

The Regulatory Signal

Singapore is the first national regulator to publish purpose-built OpenClaw deployment guidance grounded in a formal agentic AI governance framework. China has banned state enterprises and government agencies from running OpenClaw on office computers. Meta has reportedly banned employees from using it on work laptops. IMDA’s approach falls between prohibition and permissiveness: accept the risks deliberately rather than through “default configurations that were overlooked.”

For enterprise teams evaluating OpenClaw deployments, the advisory’s emphasis on per-agent identity, least-privilege access, and mandatory logging mirrors security patterns already standard in cloud infrastructure. The question is whether other national regulators follow Singapore’s framework-first approach or China’s outright restrictions. IMDA’s advisory explicitly frames itself as “a starting point rather than a complete solution,” signaling that more prescriptive requirements could follow.