OpenClaw

OpenClaw

Latest Updates & Key Features

Living document — Last updated: February 26, 2026

v2026.2.25 — Subagent Delivery Rewrite

The biggest reliability fix for multi-agent workflows

Subagent completion announce dispatch completely refactored into an explicit queue → direct → fallback state machine. Sub-agents now reliably report back results instead of occasionally going silent.
  • 🔄 Recovers outbound channel-plugin resolution in cold/stale plugin-registry states
  • 🧹 Cleanup bookkeeping now runs even when announce flow rejects
  • 📱 Telegram sends without message_id correctly treated as failures (not false-success)
  • 🔕 Cron duplicate guard — tracks attempted vs confirmed delivery, suppresses duplicate sends
  • 💬 Stuck typing indicators fixed across Discord, Slack, and followup turns

Issues fixed: #26867, #25961, #26803, #25069, #26741 — Thanks @SmithLabsLLC, @docaohieu2808

v2026.2.25 — Security & Platform

30+ security patches in one release

🔑
Gateway Auth Hardened
Origin checks for WebSocket clients. Password-auth throttling on localhost. Silent auto-pairing blocked for non-Control-UI browsers.
🔗
Symlink/Hardlink Escapes
Out-of-workspace symlink targets blocked. Hardlinked file aliases rejected in workspace boundary checks. Sandbox mount-root guards added.
💓
Heartbeat directPolicy
DM toggle replaced with allow/block per-agent. Breaking: default back to "allow" — set "block" explicitly if needed.
📱
Android Perf
Deferred foreground-service startup. WebView debug init moved off critical path. Startup macrobenchmark + low-noise perf CLI.
Also fixed: Slack thread sessions bricking on large parents (new parentForkMaxTokens), cron multi-account routing, model fallback chains, Discord embed text preservation, OAuth PKCE leak patched.

🔬 Deep Dive: How Subagent Delivery Actually Works Now

v2026.2.25 — From silent failures to deterministic delivery

❌ Before v2026.2.25

  • Sub-agent finishes → tries to "announce" result back via channel plugin
  • If plugin is cold/stale (gateway restart, idle timeout) → silent failure
  • Result vanishes. User never sees it.
  • Telegram: sends with no message_id treated as "success" — actually failed
  • No cleanup on failure → orphaned sessions pile up

✅ After v2026.2.25

  • Explicit state machine with 3 phases (see below)
  • Plugin resolution recovers from cold/stale states automatically
  • Telegram: no message_id = failure → triggers fallback
  • Cleanup always runs, even on rejection
  • Cron guard: "attempted" vs "confirmed" tracked separately
Subagent delivery state machine
Why this matters: Sub-agents are OpenClaw's killer feature — parallel research, content pipelines, automated QC. Before this fix, ~5-10% of results silently vanished (especially after restarts or on Telegram). Now delivery is deterministic and production-reliable.

Issues: #26867, #25961, #26803, #25069, #26741

Competition

⚔️ Competition Heats Up

Everyone wants to be the AI agent platform

Perplexity — Launched "Perplexity Computer" — their OpenClaw competitor with 19 AI models. Timing: right after OpenClaw got suspended by Google (219K GitHub stars, cut off).
Anthropic — Building OpenClaw-like features into Claude: remote terminal, cron jobs, CoWork mode. New plugins with LSEG, FactSet, Slack, DocuSign.
OpenAI — Launched Frontier platform for enterprise AI agents. Multiyear deals with 4 major consulting firms. New Lockdown Mode for high-security users.
OpenClaw's moat: self-hosted, open-source, 50+ messaging channels, any model. The big labs are building walled gardens. OpenClaw is the open alternative.

Official: v2026.2.23 & v2026.2.24 Drop

Back-to-back releases — security + polish

@openclaw (373K followers)

OpenClaw 2026.2.23 🦞

🔑 Kilo Gateway provider
🌙 Moonshot/Kimi vision + video
🧠 Compaction overflow recovery
🔒 Exec hardening
🛡️ ACP + OTEL secret redaction
⚠️ allowFrom now ID-only by default (safer authz)

50 advisories walked in, 12 survived
Then v2026.2.24 shipped the same day: stop phrases in 10+ languages, typing indicators across all channels, PowerShell 7 support, and 30+ more security fixes. Two releases in one day.
@steipete (391K) — "Very cool! Best to email me - X is now far too much noise, I only saw that out of pure luck."
@theDiverDK — "After update i get this: Gateway did not become healthy after restart..."
Mixed bag: Kilo Gateway excites power users. Some hit upgrade issues. The rapid release pace means occasional bumps.

📅 February 2026 Release Blitz

Feb 1
v2026.2.1 — Major security hardening: path traversal, LFI, exec injection fixes. 20+ community PRs merged.
Feb 6
v2026.2.6 — Opus 4.6 + GPT-5.3 Codex support. xAI Grok provider. Token usage dashboard. Skill safety scanner.
Feb 14
🔥 Peter Steinberger joins OpenAI. Project moves to independent foundation.
Feb 15
v2026.2.15 — Sub-agent orchestration. Discord Components v2. 1M token context (Anthropic beta).
Feb 17
v2026.2.17 — Claude Sonnet 4.6. iOS share extension. Slack streaming. Subagent spawning.
Feb 19
v2026.2.19 — Apple Watch support. APNs wake. Operator pairing tokens.
Feb 22
v2026.2.22 — Official rebrand to OpenClaw. Mistral provider. Auto-updater. Multilingual memory.
Feb 24
v2026.2.23 (beta) — Kilo Gateway. Moonshot/Kimi vision+video. Exec hardening. 50 advisories reviewed.
Feb 24
v2026.2.24 — Stop phrases in 10+ languages. Typing indicators. PowerShell 7. 30+ security fixes.
Feb 25
🔥 v2026.2.25 — Subagent delivery state machine rewrite. Android perf. Heartbeat directPolicy. 30+ security patches.

10 releases in 25 days. The pace is relentless.

Part II

🎯 Game Changers

The features that set OpenClaw apart

Game Changer: Model Freedom

Use any AI model — switch on the fly

Opus 4.6
Anthropic's Best
GPT-5.3
Codex Edition
Sonnet 4.6
New in v2026.2.17
  • New providers added in Feb: xAI Grok, Mistral AI (with memory + voice), Kilo Gateway, Moonshot/Kimi
  • Vercel AI Gateway now accepts Claude shorthand refs — easier routing
  • Per-agent params overrides — mix cheap models for triage, strong models for synthesis
  • 1M token context window (Anthropic beta header) for Opus and Sonnet
No vendor lock-in. Route different tasks to different models. That's the whole point of self-hosted AI.

Game Changer: Sub-Agent Orchestration

v2026.2.15 — Agents spawning agents

Agents can now spawn child agents, which can spawn their own children. Configurable nesting depth, per-agent limits, depth-aware tool policies.
🔀
Parallel Workers
Break complex tasks into parallel sub-tasks. Research + write + build simultaneously.
QC Pipeline
Parent agent reviews child output before delivering. Built-in quality control.
🔒
Scoped Permissions
Each child gets only the tools it needs. Depth-aware security policies.
⏱️
Auto-Timeout
Configurable timeouts per child. No runaway agents burning tokens.

Sam Altman: "The future is going to be extremely multi-agent" — this is that future, running on your machine.

Game Changer: Vision + Video Understanding

v2026.2.23 — Moonshot/Kimi multimodal

Native Moonshot video provider + Kimi vision. Your agent can now watch videos, analyze images, and understand visual content — not just text.
  • Kimi web search provider with citation extraction from results
  • Video execution refactored to honor baseUrl+header precedence (matching audio)
  • Cache-ttl eligibility extended to Moonshot/Kimi and ZAI/GLM providers
  • Combined with Browser Relay = agent that can see and interact with the web
@steipete (391K followers) — "New @openclaw beta is up. Focus was on security and bugfixes. Smuggled a few smaller things in too like Kilo provider and Kimi vision + video support."

Part III

⚡ Quality of Life

Security, platform polish, and daily improvements

Security

Quality of Life: Security Blitz

The #1 complaint — and they're addressing it hard

50+
Advisories Reviewed (v2026.2.23)
12
Adopted in Latest Release
6 CVEs
Patched (Endor Labs Report)
336
Malicious Skills Found on ClawHub
  • Auth mode "none" permanently removed — no more open doors
  • SSRF guards on browser, image tool, Gateway. Exec hardening.
  • ACP + OTEL secret redaction — sensitive data masked in telemetry
  • Skill/plugin code safety scanner added in v2026.2.6
  • allowFrom defaults to ID-only — tighter authorization
  • HSTS support for direct HTTPS deployments
Real talk: 512 vulnerabilities found in Jan audit, 8 critical. CrowdStrike published a removal toolkit. Security is improving fast, but this is still early-stage infrastructure. Don't expose it to the public internet.

Quality of Life: Platform Polish

The stuff that makes daily use better

🔄
Auto-Updater
Built-in self-update with dry-run preview. Beta: hourly cadence. Stable: delayed rollout with jitter.
📊
Token Dashboard
See which jobs cost the most. Track usage per agent. Essential for cost control.
Cron Reliability
Multiple fixes: scheduling regressions, next-run recompute, timer re-arming, webhook delivery.
🧠
Memory Improvements
Multilingual (CJK, Arabic, Japanese, Korean). Better search with fallback + query expansion. Voyage AI native.
💬
Messaging Fixes
Telegram reactions, WhatsApp group filtering, Slack streaming, Discord reusable buttons, iMessage reply tags.
🧹
Session Cleanup
Disk-budget controls, transcript/archive cleanup, duplicate session prevention, case-variant migration.

Beta: Kilo Gateway Provider

v2026.2.23-beta — Multi-cluster AI routing

First-class Kilo Gateway support: auth, onboarding, implicit provider detection, model defaults, transcript/cache-ttl handling. Default model: kilocode/anthropic/claude-opus-4.6.
  • Simplifies multi-cluster connectivity for teams running multiple AI endpoints
  • Vercel AI Gateway also updated — Claude shorthand model refs now auto-normalize
  • Per-agent cache behavior tuning — mixed-traffic agents can optimize independently
  • Bootstrap file snapshots cached per session — fewer prompt-cache invalidations
@russell_cargz — "those who are brave enough to test the beta updates for OpenClaw knowing full well their bot will stop working... we salute you."

Beta: Apple Watch + iOS Extensions

v2026.2.19 — Your AI on your wrist

Watch Inbox
Read and respond to your agent from your wrist. Full notification relay.
📱
iOS Share Extension
Share text, URLs, images directly to your agent. Keep Talk Mode running in background.
🔔
APNs Wake
Wake sleeping iOS devices via Apple Push Notifications. Remote invocation from anywhere.
🎙️
Voice Preload
Preloaded greetings for faster voice playback. Talk Mode stays active in background.
Still early. The Watch app is functional but basic. The real value is iOS share extension — forward anything to your agent instantly.

Part IV

🐦 Community & Competition

What people are actually saying

Community Voice: The Love

@R1verra (546 followers) — "4 weeks in using #OpenClaw.. game changer. No hype. Just 13-15 hours daily of deliberate configuration and testing. Potential is undeniable."
@AriaWestcott (545K followers) — "Nobody's talking about this because it's not glamorous. But wrapping OpenClaw for a specific niche and charging for the setup is a real business right now."
@jay__deen (3K followers) — "Using @openclaw + Nano Banana to turn an English-only curriculum into bilingual homeschool materials is a game-changer"
GraphAtlas (Substack) — "I built and shipped a project from my phone. The tool isn't Claude Code... OpenClaw doesn't make you a faster coder. It makes you not a coder."

Community Voice: The Criticism

@IuriiTiunov — "Huge thanks to @steipete for OpenClaw! But the current token burn in heavy workflows is a bottleneck. Even with tweaks, costs skyrocket."
@asaio87 (2.2K followers) — "People install openclaw and start creating AI slop comments, videos and posts. Use it for something useful, and ship some apps."
Infosecurity Magazine — "Researchers reveal six new OpenClaw vulnerabilities — SSRF, missing auth, path traversal. 336 malicious skills found on ClawHub (10.8% infection rate)."
@singhgurnoor080 — "This isn't about OpenClaw vs Claude Code. It's about abstraction layers. High-level agents are powerful but brittle if your requirements aren't fully specified."

⚔️ OpenClaw vs The Competition

Based on real user opinions, not marketing

DimensionOpenClawClaude CodeCursorWindsurf
What it isLife automation agentCoding agentAI IDEAI IDE
Interface50+ messaging channelsTerminal/IDEVS Code forkVS Code fork
ModelsAny (15+ providers)Claude onlyMultipleMultiple
Self-hostedYes, fully localNoNoNo
Coding depthBasicSuperiorSuperiorGood
Autonomy24/7, cron, sub-agentsSession-basedSession-basedSession-based
CostFree + API (~$5-30/mo)$20-200/mo$20-40/mo$15-50/mo
Setup30-60 min30 seconds30 seconds30 seconds
@jpschroeder (4.8K followers): "You don't want to go too hard in the paint for one agent vs another. That's a mistake akin to being too attached to 2021 GitHub CoPilot and not moving to Cursor." link

What's Actually Useful

Honest take for Michael's audience

Worth your time right now:

  • 🟢 Multi-model routing — switch between Claude/GPT/Grok per task. Real cost savings.
  • 🟢 Sub-agents — parallel research, content pipelines, automated QC. Now with reliable delivery in v2026.2.25.
  • 🟢 Cron automation — "work while you sleep" actually works now after Feb reliability fixes.
  • 🟢 Browser Relay — agent controls your actual browser with your logins. Huge for web automation.
  • 🟢 Discord/Telegram as control panels — buttons, modals, selects. Real UI, not just chat.

Not ready yet:

  • 🟡 Token costs in heavy workflows — still burns through API credits fast
  • 🟡 Security posture — improving rapidly but don't expose to public internet
  • 🟡 Setup complexity — 30-60 min minimum, not plug-and-play
  • 🟡 ClawHub skills — 10.8% malicious rate. Audit before installing.

What's Coming Next

Roadmap signals from releases + community

🏛️
Foundation Governance
With Steinberger at OpenAI, the independent foundation + community maintainers now lead. Mirrors Linux/Kubernetes model.
☁️
Managed Hosting Boom
OpenClawd AI launched managed platform (Feb 20). DigitalOcean 1-Click Deploy ($24/mo). Startups offering $3-5/mo hosting.
🔐
Enterprise Security
50 advisories per release cycle. HSTS, exec hardening, OTEL redaction. Heading toward enterprise-grade.
🎥
Multimodal Expansion
Vision + video just landed. Audio already supported. Full multimodal agent pipeline forming.
The beta channel ships hourly. The auto-updater means your agent stays current without manual intervention. This project moves fast.
Verdict

The Verdict: Is OpenClaw Worth It in 2026?

Yes — if you're willing to invest the setup time.

10 releases in 25 days. 215K GitHub stars. Sub-agents with reliable delivery, vision, 15+ model providers, 50+ messaging channels. No other tool does what OpenClaw does.

Free
MIT Licensed, Self-Hosted
215K ⭐
Fastest-Growing OSS Project
~$5-30/mo
API Costs Only
The honest caveat: Security is the #1 risk. Don't run it on public internet. Audit ClawHub skills. Watch your token spend. But if you want a 24/7 AI agent that actually does things — nothing else comes close.

What feature are you most excited about?

Drop your thoughts in the comments

Sources: GitHub Releases, CyberSecurityNews, Infosecurity Magazine, X/Twitter, GraphAtlas Substack, NxCode, NeuralStackly