OpenClaw Newsletter - 2026-05-04
OpenClaw Newsletter
Monday, May 4, 2026Top Stories
- OpenClaw 2026.5.3 — Highlights - Plugins/file-transfer: add bundled file-transfer plugin with file_fetch, dir_list, dir_fetch, and file_write agent tools for binary file ops on paired nodes; default-deny per-node path...
- openclaw 2026.5.3-beta.3 — 2026.5.3 Highlights - Plugins/file-transfer: add bundled file-transfer plugin with file_fetch, dir_list, dir_fetch, and file_write agent tools for binary file ops on paired nodes; default-deny...
- OpenClaw 2026.5.3 beta 2 — 2026.5.3 Highlights - Plugins/file-transfer: add bundled file-transfer plugin with file_fetch, dir_list, dir_fetch, and file_write agent tools for binary file ops on paired nodes; default-deny...
- openclaw 2026.5.2-beta.2 — 2026.5.2 Highlights - External plugin installation now covers diagnostics, onboarding, doctor repair, channel setup, install/update records, and artifact metadata while keeping bare package installs...
- fix #77165: [Feature] Auto-Generate Session Titles via AI Summarization — Summary Fixes #77165 Issue [[Feature] Auto-Generate Session Titles via AI Summarization](https://github.com/openclaw/openclaw/issues/77165) Changes - fix(sessions): use configurable maxChars in title...
- fix(qqbot): support QQBOT_DATA_DIR environment variable — Allow users to customize QQBot data directory by setting QQBOT_DATA_DIR environment variable. Falls back to ~/.openclaw/qqbot when not set. Fixes #39461 Summary Describe the problem and fix in 2–5...
- docs(providers/openai): note OpenAI Realtime requires Platform credits, not Codex/ChatGPT subscription — Summary Adds an inline clarification to docs/providers/openai.md that OpenAI Realtime voice (used by Voice Call realtime.provider: "openai" and Control UI Talk with talk.provider: "openai") goes...
- fix(qqbot): keep private commands off framework surface [AI] — Summary - Problem: QQBot private-only authenticated slash commands were also published through the generic plugin command registry. - Why it matters: the generic command path cannot preserve QQBot...
- fix: proxy direct APNs HTTP2 sessions — Summary - route direct APNs HTTP/2 sessions through the active OpenClaw managed proxy using an explicit CONNECT tunnel - keep the existing APNs send API; replace only the low-level http2.connect()...
- CLI suggests `plugins.allow` for unknown subcommands when input is actually an agent tool name — Summary When a user invokes openclaw where is a registered agent tool owned by an enabled, loaded plugin (not a plugin id and not a bundled CLI surface), the CLI router emits a misleading error that...
- fix(control-ui): reserve safe-area-inset-bottom on sticky chat compose for iOS PWA — Summary Adds padding-bottom: env(safe-area-inset-bottom, 0px) to .shell--chat .chat-compose so the Control UI sticky chat compose reserves room for the iOS home indicator. Without this, the bottom...
- [Bug] gateway can't recover from npm chunk-hash replacement during in-place upgrade — graceful shutdown depends on now-missing chunk — Bug type Crash (process/app exits or hangs) Beta release blocker No Summary When npm install -g openclaw@ runs while the openclaw gateway is alive, the new install replaces hash-suffixed chunk files...
- feat: add user input blocking lifecycle gates — Summary - Adds a pass/block-only before_agent_run lifecycle hook before provider submission. - Treats the hook as raw conversation access, fail-closes malformed/failed input-gate decisions, and skips...
- fix(secrets): degrade stale auth profile refs on startup — Summary - Fixes #75814. - Keeps gateway startup online when a stale SecretRef exists only in a stored auth profile. - Degrades the affected runtime auth profile by removing the failed keyRef/tokenRef...
- Fix/sessions list resolver cache — Summary - Problem: sessions.list (Control UI polling) burned huge amounts of CPU on stores with many sessions. Production CPU profile on a 1217-session store showed listSessionsFromStoreAsync →...
- fix(tasks): quarantine corrupt task registry SQLite store — Summary This adds an availability-first fallback for a corrupt task-registry SQLite store. When the task registry detects a narrow class of SQLite corruption/open/read errors, it now: - preserves...
- feat(infra): add bounded filesystem operations — Summary - extend fs-safe with bounded stat, readdir, and same-root rename helpers - cover missing, traversal, directory listing, and rename behavior in fs-safe tests - pivot this draft PR away from...
- fix(device-pair): require pairing scope for pair command [AI] — Summary - Problem: /pair management actions could run from command-capable chat surfaces without pairing privileges. - Why it matters: setup code, QR, approval, cleanup, and status actions manage...
- fix(agents): harden subagent lifecycle calls against transient gateway readiness failures — Summary - add a bounded sessions.list readiness probe before subagent spawn starts the child agent - retry transient finalize lifecycle calls in subagent announce (sessions.patch / sessions.delete) -...
- fix(plugins): grant internalDiagnostics to global-origin official diagnostics plugins — Summary Fixes #77206 — diagnostics-otel and diagnostics-prometheus fail with "internal diagnostics capability unavailable" after upgrading to 2026.5.2 because they were externalized from the bundled...
- feat: add scoped mention pattern policy — Summary - add a shared scoped mention-pattern policy for global, agent, and provider/channel overrides - apply configured mention-pattern gating across channel runtimes while preserving native...
- [Bug]: Slack DM replies still misroute / mis-attribute in Control on 2026.5.2 after fix for #59001 — Bug type Behavior bug (incorrect output/state without crash) Beta release blocker No Summary Slack DMs still behave incorrectly on OpenClaw 2026.5.2 even after the fix that closed #59001 What I see...
- fix(plugins): allowlist bundled provider discovery — Summary - Adds plugins.bundledDiscovery with default compat and opt-in allowlist policy for bundled provider discovery. - Applies the policy to provider setup/runtime activation and public-artifact...
- fix(telegram): share per-token API throttler across polling and CLI; handle reasoning overflow — Summary Related to #41581 — allows for full reasoning stream by fixing the overflow and rate-limit issues that previously caused truncation and 429 failures during long streaming sessions. -...
- fix(exec): block unisolated heavy validation commands — Summary - add an exec-tool preflight guard for known-heavy validation commands before local Gateway execution - fail closed for unisolated package-manager install/lint/build/typecheck/test commands...
- feat(sessions): auto-revert to primary model after image analysis — Summary After using a vision/image model for analyzing images (via fallback mechanism), the session stays on the vision/fallback model instead of automatically reverting to the primary/default model....
- Gate QQBot streaming command auth [AI] — Summary - Problem: QQBot /bot-streaming was private-chat-only but was not routed through command authorization. - Why it matters: The command writes persistent QQBot streaming config, so it should...
- fix(telegram): preserve default tool progress when preview streaming is off — Summary - Stop suppressing default tool progress messages when Telegram preview streaming is disabled. - Continue suppressing default progress while an answer draft stream exists, avoiding duplicate...
- [Bug] diagnostics-otel: "internal diagnostics capability unavailable" after upgrade to 2026.5.2 — origin gate regression — Bug type Behavior bug — plugin capability regression in 2026.5.2 Summary After upgrading to OpenClaw 2026.5.2, the diagnostics-otel plugin fails at startup with internal diagnostics capability...
- Refine responsive Control UI chat controls — Summary - Add agent-scoped chat session filtering and consolidate the desktop/mobile chat controls through the shared session-control renderer. - Make the Control UI chat controls responsive across...
- fix: bound trajectory runtime flush — Summary - Replace #77133 with a bounded trajectory-runtime fix for #77124. - Bound runtime trajectory payload shaping before redaction/stringify, including tool definitions built before recordEvent....
- pi-trajectory-flush: 50MB trajectory file blocks event loop for 25+ minutes after flush timeout — Summary When a session accumulates a large trajectory file (50MB+), pi-trajectory-flush exceeds its 10s timeout. After timeout, the cleanup continues running in the background but the event loop...
- [codex] add durable message lifecycle delivery — Summary - Add the message lifecycle refactor spec and wire opt-in durable final reply delivery for assembled channel turns. - Preserve owner boundaries for channel-specific delivery paths while...
- [Bug]: pdf-tool initialization blocks event loop for ~10s on every run — Bug type Behavior bug (incorrect output/state without crash) Beta release blocker No Summary The pdf-tool core embedded tool takes ~10 seconds to initialize on every agent run, blocking the Node.js...
- OpenClaw repo stats for 2026-05-04 — 368053 stars, 75772 forks, 2101 contributors
- OpenClaw sponsors (124 total) — 124 sponsors supporting OpenClaw
- ci: use app token for Convex AI update PRs
- fix: keep oxlint underscore rule disabled
- test: fix http api rate limit mock
- fix: raise admin api rate limits
- fix: raise trusted publish rate limit
- fix: validate clawpack runtime entries against extracted files
- fix: keep package dry-run metadata-only
- fix: reject code plugins without runtime output
- fix: allow admin plugin release publishes
- fix: infer package owner from scoped names
- fix: raise authenticated write rate limit
- fix: support monorepo package publishes
- fix(api): expose legacy zip artifact aliases — Expose legacy ZIP resolver compatibility aliases without confusing publish-time content hashes for downloaded archive integrity.
- fix(web): canonicalize scoped plugin paths
- fix(api): decode scoped package paths
- fix(packages): use single-window search fallback
- fix(packages): rebuild search queries per page
- fix(api): return lean skill list payloads
- fix(search): reduce lexical fallback scan budget
- fix(api): route package search through digest index
- openclaw v2026.5.3 on npm — Multi-channel AI gateway with extensible messaging integrations
- mradermacher/Medina-Qwen3.5-27B-OpenClaw-Uncensored-i1-GGUF
- OpenClaw on DigitalOcean — Deploy your own personal AI assistant with OpenClaw on a DigitalOcean Droplet® server, a powerful open-source platform that runs entirely on your infrastructure. OpenClaw connects to the messaging...
- OpenClaw privilege escalation vulnerability
- OpenClaw isn't fooling me. I remember MS-DOS
- OpenClaw surpasses React to become the most-starred software project on GitHub
- Connecting LLMs to the Real World: A Deep Dive into OpenClaw and Nexconn APIs — OpenClaw has captured the developer world's imagination. But turning its promise into a...
- Is Custom OpenClaw Development Services Worth It, Or Just Another Overengineered Solution? — Is investing in a custom-built AI automation system actually a smart move, or just another layer of unnecessary complexity? The short…Continue reading on Medium »
- OpenClaw vs Hermes Agent: Why I Switched (And What Surprised Me) — The selection of an appropriate AI agent demonstrates its major effect on productivity when users work with local models and develop…Continue reading on Medium »
- Why I Dropped Everything to Learn OpenClaw (And You Should Too) — The fastest-growing repository in GitHub history isn’t a frontend framework, a database, or a cloud SDK. It’s an AI agent runtime that…Continue reading on Medium »
- OpenClaw vs. Hermes Agent — Infrastructure vs. Autonomy — The Great Convergence: Two Paths to the Agentic OSContinue reading on All about GenAI »
- Could This AI Project BE Any More Fun? Building Agents With Friends — Hi 👋 Quick intro before we dive in: I’m Ilyass — DevOps Engineer. Twelve years in tech, and a few pretty different worlds along the way…Continue reading on Medium »
- ShadowC2 — I Built an AI-Controlled Red Team C2 That You Operate Entirely Through Telegram Using… — No SSH. No console. No terminal. Message your Telegram bot in plain English and your Sliver C2 server does the rest — powered by OpenClaw…Continue reading on Medium »
- The End of Manual Prospecting: How I Taught AI to Build B2B Contact Lists Automatically — If you work in B2B, you know the pain: to sell anything, you need a high-quality list of prospects.Continue reading on Medium »
- Same Direction, Different Shore: OpenClaw Optimizes the Agent, Self OS Optimizes the Human — Same Direction, Different ShoreContinue reading on Medium »
- Building My AI Butler Part 1: A Home Lab Journey Inspired by OpenClaw — I’ve been thinking of running an AI assistant in my home lab for a while now. Imagine a smart assistant that can advise you on bus arrival…Continue reading on Medium »
- What Is OpenClaw and Why Should Immigration Lawyers Care? — The AI Tool That’s Quietly Transforming Immigration Practices Across the CountryContinue reading on Medium »
- Poe — Poe is a web-based AI platform that hosts multiple assistant bots—including Claude and various GPT and image/audio models—to provide conversational Q&A, image and audio generation, and automated AI...
- Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap — With hundreds of malicious OpenClaw skills blending in among legitimate ones, manually reviewing every script or command isn’t realistic — especially when skills are designed to look helpful and...
- 5UUH9RTDiSpq6HKS6bp4NdU9PNJpXRXuiw6ShBTBhgH2 $TROLL momentum score just came in hot on openclaw 🔥 ┃🧫┃ $TROLL ┃💰┃ M
- 2auyF5SyQe1snRUh1z3MxHWpuUkR3shmWijPmJmhpump my openclaw analyst flagged $TEAL as a buy. noted 🦞 ┃🧫┃ $TEAL ┃💰┃ MC :
- 8x1LnnZQxtpg1G8s6rMuo2DygpZkGbyitQ7qHdJbpump openclaw on $VIALPUMP —momentum strong, risk low. easy ┃🧫┃ $VIALPUMP ┃
- @openclaw Honestly, fewer paper cuts is the real feature. 🦞
- @openclaw Ok a decent claw, finally
- @cyan119x @openclaw Wth! I can't access the discord server. Was I kicked out or was it kicked out? 🤔
- > This is how easy it is to connect gmail to your openclaw, just give this prompt: >Before you disagree, Read the
- 5hPBp5VoWRqsuov9NMgQqankb1zUpbnHhe7zPEY4pump openclaw confirmed what the chart was already telling me on $TrollGoon
- @JDWang11 @openclaw Same. And the invite link is dead.
- @openclaw I have a good feeling about this release. Plugins don’t disappear but get installed instead :) Snappy response
- Hn7Urq1gfc3AVGYY1kQ9SJja15Y3RmKF7jNtt4Ewpump openclaw flagged $Foodrot early. price is moving exactly as predicted W
- @openclaw This feels like a huge update, so much quicker even than yesterday and is just firing though fixes itself
- Ha5Z2DfRv6Ar2nAeBLCGWHqzwXKL3of4DqKwzzwpump been tracking $FOFAR on openclaw for a week. forecast holding strong Was
- 9YUg2r8xg6tVdm9dJTShN5i2n1oeFfXkhqfsjmAxpump openclaw confirmed what the chart was already telling me on $Leucistic
- FfPryhuC6Bahn6agpLe2X1gaibsPpZbR1gn49KW7pump $WUI is looking good on openclaw right now ngl Was Made Using - @OpenC
- 2Fiut5a3s7vBkGFKXd7kH2v8W1idJ9g7CWAvMEdVpump openclaw called $GAY bullish. i'm listening ┃🧫┃ $GAY ┃💰┃ MC : $69.6K
- BnXWvsVZYgBxTUDyDqHZjvFbQGvEZeipY4ZdmqCbpump just checked $assface on openclaw—forecast looking clean 🦞 Was Made Usi
- HXzqEEUjQ6JevbrJiMBAwoiCVikZb93XHmYtde4iCA3G just checked $Spirit —openclaw showing strong upside signals ┃🧫┃ $Spiri
- HXzqEEUjQ6JevbrJiMBAwoiCVikZb93XHmYtde4iCA3G been tracking $Spirit on openclaw for a week. forecast holding strong W
- AUuvjZdnDPe7bt6RDixEW69y92LiyMQZp5RxRb8hpump been watching $newt through openclaw, momentum is building Was Made Usi
Trending on X
- 5UUH9RTDiSpq6HKS6bp4NdU9PNJpXRXuiw6ShBTBhgH2 $TROLL momentum score just came in hot on openclaw 🔥 ┃🧫┃ $TROLL ┃💰┃ M
- 2auyF5SyQe1snRUh1z3MxHWpuUkR3shmWijPmJmhpump my openclaw analyst flagged $TEAL as a buy. noted 🦞 ┃🧫┃ $TEAL ┃💰┃ MC :
- 8x1LnnZQxtpg1G8s6rMuo2DygpZkGbyitQ7qHdJbpump openclaw on $VIALPUMP —momentum strong, risk low. easy ┃🧫┃ $VIALPUMP ┃
- @openclaw Honestly, fewer paper cuts is the real feature. 🦞
- @openclaw Ok a decent claw, finally
- @cyan119x @openclaw Wth! I can't access the discord server. Was I kicked out or was it kicked out? 🤔
- > This is how easy it is to connect gmail to your openclaw, just give this prompt: >Before you disagree, Read the
- 5hPBp5VoWRqsuov9NMgQqankb1zUpbnHhe7zPEY4pump openclaw confirmed what the chart was already telling me on $TrollGoon
- @JDWang11 @openclaw Same. And the invite link is dead.
- @openclaw I have a good feeling about this release. Plugins don’t disappear but get installed instead :) Snappy response
- Hn7Urq1gfc3AVGYY1kQ9SJja15Y3RmKF7jNtt4Ewpump openclaw flagged $Foodrot early. price is moving exactly as predicted W
- @openclaw This feels like a huge update, so much quicker even than yesterday and is just firing though fixes itself
- Ha5Z2DfRv6Ar2nAeBLCGWHqzwXKL3of4DqKwzzwpump been tracking $FOFAR on openclaw for a week. forecast holding strong Was
- 9YUg2r8xg6tVdm9dJTShN5i2n1oeFfXkhqfsjmAxpump openclaw confirmed what the chart was already telling me on $Leucistic
- FfPryhuC6Bahn6agpLe2X1gaibsPpZbR1gn49KW7pump $WUI is looking good on openclaw right now ngl Was Made Using - @OpenC
- 2Fiut5a3s7vBkGFKXd7kH2v8W1idJ9g7CWAvMEdVpump openclaw called $GAY bullish. i'm listening ┃🧫┃ $GAY ┃💰┃ MC : $69.6K
- BnXWvsVZYgBxTUDyDqHZjvFbQGvEZeipY4ZdmqCbpump just checked $assface on openclaw—forecast looking clean 🦞 Was Made Usi
- HXzqEEUjQ6JevbrJiMBAwoiCVikZb93XHmYtde4iCA3G just checked $Spirit —openclaw showing strong upside signals ┃🧫┃ $Spiri
- HXzqEEUjQ6JevbrJiMBAwoiCVikZb93XHmYtde4iCA3G been tracking $Spirit on openclaw for a week. forecast holding strong W
- AUuvjZdnDPe7bt6RDixEW69y92LiyMQZp5RxRb8hpump been watching $newt through openclaw, momentum is building Was Made Usi
Releases
- OpenClaw 2026.5.3 — Highlights - Plugins/file-transfer: add bundled file-transfer plugin with file_fetch, dir_list, dir_fetch, and file_write agent tools for binary file ops on paired nodes; default-deny per-node path...
- openclaw 2026.5.3-beta.3 — 2026.5.3 Highlights - Plugins/file-transfer: add bundled file-transfer plugin with file_fetch, dir_list, dir_fetch, and file_write agent tools for binary file ops on paired nodes; default-deny...
- OpenClaw 2026.5.3 beta 2 — 2026.5.3 Highlights - Plugins/file-transfer: add bundled file-transfer plugin with file_fetch, dir_list, dir_fetch, and file_write agent tools for binary file ops on paired nodes; default-deny...
- openclaw 2026.5.2-beta.2 — 2026.5.2 Highlights - External plugin installation now covers diagnostics, onboarding, doctor repair, channel setup, install/update records, and artifact metadata while keeping bare package installs...
- OpenClaw repo stats for 2026-05-04 — 368053 stars, 75772 forks, 2101 contributors
- openclaw v2026.5.3 on npm — Multi-channel AI gateway with extensible messaging integrations
Community
- fix #77165: [Feature] Auto-Generate Session Titles via AI Summarization — Summary Fixes #77165 Issue [[Feature] Auto-Generate Session Titles via AI Summarization](https://github.com/openclaw/openclaw/issues/77165) Changes - fix(sessions): use configurable maxChars in title...
- fix(qqbot): support QQBOT_DATA_DIR environment variable — Allow users to customize QQBot data directory by setting QQBOT_DATA_DIR environment variable. Falls back to ~/.openclaw/qqbot when not set. Fixes #39461 Summary Describe the problem and fix in 2–5...
- docs(providers/openai): note OpenAI Realtime requires Platform credits, not Codex/ChatGPT subscription — Summary Adds an inline clarification to docs/providers/openai.md that OpenAI Realtime voice (used by Voice Call realtime.provider: "openai" and Control UI Talk with talk.provider: "openai") goes...
- fix(qqbot): keep private commands off framework surface [AI] — Summary - Problem: QQBot private-only authenticated slash commands were also published through the generic plugin command registry. - Why it matters: the generic command path cannot preserve QQBot...
- fix: proxy direct APNs HTTP2 sessions — Summary - route direct APNs HTTP/2 sessions through the active OpenClaw managed proxy using an explicit CONNECT tunnel - keep the existing APNs send API; replace only the low-level http2.connect()...
- CLI suggests `plugins.allow` for unknown subcommands when input is actually an agent tool name — Summary When a user invokes openclaw where is a registered agent tool owned by an enabled, loaded plugin (not a plugin id and not a bundled CLI surface), the CLI router emits a misleading error that...
- fix(control-ui): reserve safe-area-inset-bottom on sticky chat compose for iOS PWA — Summary Adds padding-bottom: env(safe-area-inset-bottom, 0px) to .shell--chat .chat-compose so the Control UI sticky chat compose reserves room for the iOS home indicator. Without this, the bottom...
- [Bug] gateway can't recover from npm chunk-hash replacement during in-place upgrade — graceful shutdown depends on now-missing chunk — Bug type Crash (process/app exits or hangs) Beta release blocker No Summary When npm install -g openclaw@ runs while the openclaw gateway is alive, the new install replaces hash-suffixed chunk files...
- feat: add user input blocking lifecycle gates — Summary - Adds a pass/block-only before_agent_run lifecycle hook before provider submission. - Treats the hook as raw conversation access, fail-closes malformed/failed input-gate decisions, and skips...
- fix(secrets): degrade stale auth profile refs on startup — Summary - Fixes #75814. - Keeps gateway startup online when a stale SecretRef exists only in a stored auth profile. - Degrades the affected runtime auth profile by removing the failed keyRef/tokenRef...
- Fix/sessions list resolver cache — Summary - Problem: sessions.list (Control UI polling) burned huge amounts of CPU on stores with many sessions. Production CPU profile on a 1217-session store showed listSessionsFromStoreAsync →...
- fix(tasks): quarantine corrupt task registry SQLite store — Summary This adds an availability-first fallback for a corrupt task-registry SQLite store. When the task registry detects a narrow class of SQLite corruption/open/read errors, it now: - preserves...
- feat(infra): add bounded filesystem operations — Summary - extend fs-safe with bounded stat, readdir, and same-root rename helpers - cover missing, traversal, directory listing, and rename behavior in fs-safe tests - pivot this draft PR away from...
- fix(device-pair): require pairing scope for pair command [AI] — Summary - Problem: /pair management actions could run from command-capable chat surfaces without pairing privileges. - Why it matters: setup code, QR, approval, cleanup, and status actions manage...
- fix(agents): harden subagent lifecycle calls against transient gateway readiness failures — Summary - add a bounded sessions.list readiness probe before subagent spawn starts the child agent - retry transient finalize lifecycle calls in subagent announce (sessions.patch / sessions.delete) -...
- fix(plugins): grant internalDiagnostics to global-origin official diagnostics plugins — Summary Fixes #77206 — diagnostics-otel and diagnostics-prometheus fail with "internal diagnostics capability unavailable" after upgrading to 2026.5.2 because they were externalized from the bundled...
- feat: add scoped mention pattern policy — Summary - add a shared scoped mention-pattern policy for global, agent, and provider/channel overrides - apply configured mention-pattern gating across channel runtimes while preserving native...
- [Bug]: Slack DM replies still misroute / mis-attribute in Control on 2026.5.2 after fix for #59001 — Bug type Behavior bug (incorrect output/state without crash) Beta release blocker No Summary Slack DMs still behave incorrectly on OpenClaw 2026.5.2 even after the fix that closed #59001 What I see...
- fix(plugins): allowlist bundled provider discovery — Summary - Adds plugins.bundledDiscovery with default compat and opt-in allowlist policy for bundled provider discovery. - Applies the policy to provider setup/runtime activation and public-artifact...
- fix(telegram): share per-token API throttler across polling and CLI; handle reasoning overflow — Summary Related to #41581 — allows for full reasoning stream by fixing the overflow and rate-limit issues that previously caused truncation and 429 failures during long streaming sessions. -...
- fix(exec): block unisolated heavy validation commands — Summary - add an exec-tool preflight guard for known-heavy validation commands before local Gateway execution - fail closed for unisolated package-manager install/lint/build/typecheck/test commands...
- feat(sessions): auto-revert to primary model after image analysis — Summary After using a vision/image model for analyzing images (via fallback mechanism), the session stays on the vision/fallback model instead of automatically reverting to the primary/default model....
- Gate QQBot streaming command auth [AI] — Summary - Problem: QQBot /bot-streaming was private-chat-only but was not routed through command authorization. - Why it matters: The command writes persistent QQBot streaming config, so it should...
- fix(telegram): preserve default tool progress when preview streaming is off — Summary - Stop suppressing default tool progress messages when Telegram preview streaming is disabled. - Continue suppressing default progress while an answer draft stream exists, avoiding duplicate...
- [Bug] diagnostics-otel: "internal diagnostics capability unavailable" after upgrade to 2026.5.2 — origin gate regression — Bug type Behavior bug — plugin capability regression in 2026.5.2 Summary After upgrading to OpenClaw 2026.5.2, the diagnostics-otel plugin fails at startup with internal diagnostics capability...
- Refine responsive Control UI chat controls — Summary - Add agent-scoped chat session filtering and consolidate the desktop/mobile chat controls through the shared session-control renderer. - Make the Control UI chat controls responsive across...
- fix: bound trajectory runtime flush — Summary - Replace #77133 with a bounded trajectory-runtime fix for #77124. - Bound runtime trajectory payload shaping before redaction/stringify, including tool definitions built before recordEvent....
- pi-trajectory-flush: 50MB trajectory file blocks event loop for 25+ minutes after flush timeout — Summary When a session accumulates a large trajectory file (50MB+), pi-trajectory-flush exceeds its 10s timeout. After timeout, the cleanup continues running in the background but the event loop...
- [codex] add durable message lifecycle delivery — Summary - Add the message lifecycle refactor spec and wire opt-in durable final reply delivery for assembled channel turns. - Preserve owner boundaries for channel-specific delivery paths while...
- [Bug]: pdf-tool initialization blocks event loop for ~10s on every run — Bug type Behavior bug (incorrect output/state without crash) Beta release blocker No Summary The pdf-tool core embedded tool takes ~10 seconds to initialize on every agent run, blocking the Node.js...
- OpenClaw sponsors (124 total) — 124 sponsors supporting OpenClaw
- ci: use app token for Convex AI update PRs
- fix: keep oxlint underscore rule disabled
- test: fix http api rate limit mock
- fix: raise admin api rate limits
- fix: raise trusted publish rate limit
- fix: validate clawpack runtime entries against extracted files
- fix: keep package dry-run metadata-only
- fix: reject code plugins without runtime output
- fix: allow admin plugin release publishes
- fix: infer package owner from scoped names
- fix: raise authenticated write rate limit
- fix: support monorepo package publishes
- fix(api): expose legacy zip artifact aliases — Expose legacy ZIP resolver compatibility aliases without confusing publish-time content hashes for downloaded archive integrity.
- fix(web): canonicalize scoped plugin paths
- fix(api): decode scoped package paths
- fix(packages): use single-window search fallback
- fix(packages): rebuild search queries per page
- fix(api): return lean skill list payloads
- fix(search): reduce lexical fallback scan budget
- fix(api): route package search through digest index
News
- mradermacher/Medina-Qwen3.5-27B-OpenClaw-Uncensored-i1-GGUF
- OpenClaw on DigitalOcean — Deploy your own personal AI assistant with OpenClaw on a DigitalOcean Droplet® server, a powerful open-source platform that runs entirely on your infrastructure. OpenClaw connects to the messaging...
- OpenClaw privilege escalation vulnerability
- OpenClaw isn't fooling me. I remember MS-DOS
- OpenClaw surpasses React to become the most-starred software project on GitHub
- Connecting LLMs to the Real World: A Deep Dive into OpenClaw and Nexconn APIs — OpenClaw has captured the developer world's imagination. But turning its promise into a...
- Is Custom OpenClaw Development Services Worth It, Or Just Another Overengineered Solution? — Is investing in a custom-built AI automation system actually a smart move, or just another layer of unnecessary complexity? The short…Continue reading on Medium »
- OpenClaw vs Hermes Agent: Why I Switched (And What Surprised Me) — The selection of an appropriate AI agent demonstrates its major effect on productivity when users work with local models and develop…Continue reading on Medium »
- Why I Dropped Everything to Learn OpenClaw (And You Should Too) — The fastest-growing repository in GitHub history isn’t a frontend framework, a database, or a cloud SDK. It’s an AI agent runtime that…Continue reading on Medium »
- OpenClaw vs. Hermes Agent — Infrastructure vs. Autonomy — The Great Convergence: Two Paths to the Agentic OSContinue reading on All about GenAI »
- Could This AI Project BE Any More Fun? Building Agents With Friends — Hi 👋 Quick intro before we dive in: I’m Ilyass — DevOps Engineer. Twelve years in tech, and a few pretty different worlds along the way…Continue reading on Medium »
- ShadowC2 — I Built an AI-Controlled Red Team C2 That You Operate Entirely Through Telegram Using… — No SSH. No console. No terminal. Message your Telegram bot in plain English and your Sliver C2 server does the rest — powered by OpenClaw…Continue reading on Medium »
- The End of Manual Prospecting: How I Taught AI to Build B2B Contact Lists Automatically — If you work in B2B, you know the pain: to sell anything, you need a high-quality list of prospects.Continue reading on Medium »
- Same Direction, Different Shore: OpenClaw Optimizes the Agent, Self OS Optimizes the Human — Same Direction, Different ShoreContinue reading on Medium »
- Building My AI Butler Part 1: A Home Lab Journey Inspired by OpenClaw — I’ve been thinking of running an AI assistant in my home lab for a while now. Imagine a smart assistant that can advise you on bus arrival…Continue reading on Medium »
- What Is OpenClaw and Why Should Immigration Lawyers Care? — The AI Tool That’s Quietly Transforming Immigration Practices Across the CountryContinue reading on Medium »
- Poe — Poe is a web-based AI platform that hosts multiple assistant bots—including Claude and various GPT and image/audio models—to provide conversational Q&A, image and audio generation, and automated AI...
Security
- Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap — With hundreds of malicious OpenClaw skills blending in among legitimate ones, manually reviewing every script or command isn’t realistic — especially when skills are designed to look helpful and...
Don't miss what's next. Subscribe to Openclaw Newsletter: