openclaw

OpenClaw released version 2026.4.7, adding OpenClaw inference capabilities, music and video editing, conversation branching/recovery, Webhook-based TaskFlows, and support for Arcee, Gemma 4, and Ollama visual models, while also launching the memory-wiki persistent knowledge system.

The 360 vulnerability mining agent recently discovered and reported 1 high-risk and 2 medium-risk high-value vulnerabilities related to OpenClaw, totaling 3 vulnerabilities. Currently, all newly discovered vulnerabilities have been officially patched and publicly disclosed.It is understood that the three newly discovered vulnerabilities directly target the core operating mechanism of AI agents, directly affecting the core security of user devices, data, and accounts.

MiniMax stated on platform X, "The MiniMax Token was designed from the beginning to be usable across third-party platforms. More great ideas on how to apply artificial intelligence will emerge outside of the AI lab than within the lab itself. Limiting AI subscription users to first-party products stifles these ideas, causing them to be stillborn before they even have a chance to come to life."

OpenClaw founder Peter Steinberger posted on the X platform in response to Anthropic's ban, stating that OpenClaw operates independently and even invited Anthropic and more than ten other companies to join our nonprofit organization. They did not respond, but we have almost successfully attracted the participation of all other companies.

AI company Anthropic announced that starting from April 4 at 15:00 Eastern Time, it will prohibit access to third-party tools through the Claude subscription service, including the open-source project OpenClaw. The new regulations require that related features can only be used through additional packages or billed on a pay-as-you-go basis via API.This adjustment means that many developers and teams relying on OpenClaw to build automated workflows will shift from a fixed subscription cost model to an unlimited pay-as-you-go system, significantly increasing overall usage costs. Some developers have indicated that the original usage cost of about $20/month could soar to hundreds or even thousands of dollars.The market generally believes that this move is related to OpenClaw founder Peter Steinberger's recent joining of OpenAI. Meanwhile, Anthropic is accelerating the promotion of its own tool ecosystem, including native integration solutions for Claude, to replace third-party toolchains.It is worth noting that Anthropic has previously tightened third-party access through technical restrictions, updates to service terms, and feature replacements. This policy is seen as a "final blockade" and will be extended to more tools.Industry analysis points out that this event reflects an intensifying trend of "ecosystem tightening" in AI platforms, with leading companies strengthening control through vertical integration. At the same time, the developer ecosystem faces rising cost uncertainties and platform dependency risks, which may further drive some users toward more open alternatives.

The AI hardware operating system company, Boundless Ark, has recently completed two rounds of Pre-A financing, with investors including the globally renowned wearable device brand Shokz, Guoruiyuan Fund, Hengsong Capital, and Shanghai Angel Club, with ECA Capital serving as the exclusive financial advisor.In the past year, the company has completed a total of 4 rounds of financing, raising hundreds of millions. Boundless Ark's core product is the AI operating system EVA OS, positioned as the "hardware version of OpenClaw" — essentially a set of Agent frameworks running on the hardware side, supporting various terminal devices such as robots, headphones, and glasses. Developers only need to describe their requirements in natural language, and EVA OS can autonomously complete program writing, driver debugging, and application deployment, averaging about half an hour, significantly improving efficiency compared to traditional solutions (3 people, 2-3 months).EVA OS adopts a cloud and local collaborative architecture, with voice latency below 250ms and multimodal feedback below 350ms, outperforming the industry standard of about 600ms; the self-developed end-to-end model reduces voice costs to one-twentieth of the industry standard, and perception model costs can be reduced by 70%-92%. Currently, since the release of EVA OS 1 three months ago, over 2,500 enterprises and R&D units have connected, covering multiple categories such as AI headphones, AI glasses, desktop robots, and robotic arms.

According to Jinshi Data reports, QQ announced today that it has officially natively integrated with the OpenClaw official platform. This means QQ has become the first social platform in the country to be natively integrated by the OpenClaw official platform.

According to the official announcement, OpenClaw's AI agent Skills library platform ClawHub has officially launched a mirror site in China, with the domain mirror-cn.clawhub.com. This infrastructure is sponsored and supported by BytePlus, a subsidiary of ByteDance.

According to official news, the OpenClaw version 2026.3.31 was released this morning. The new version adds QQ bot integration (supporting private chat, group chat, and guild chat as well as media), LINE media sending capabilities, and real background task flow management (which can list, view, and cancel tasks), enhancing automation reliability.This version update emphasizes expansion into the Asian market, including better context, memory, and TTS support for Chinese, Japanese, and Korean, as well as WhatsApp emoji reactions and Matrix room history streaming, aiming to cover developer communication channels beyond Slack or Discord.This update has received widespread praise from the community, but a few users reported excessive Exec approval prompts / Approval issues after the update, and a very small number of users reported occasional crashes or instability after the update.

Slow Fog has once again issued a security reminder stating to pay attention to checking for malicious versions of axios and the exposure risk of OpenClaw npm global installation history. axios@1.14.1 and axios@0.3.4 have been confirmed as malicious versions, both of which have injected the dependency plain-crypto-js@4.2.1, delivering cross-platform malicious payloads through the postinstall script.The impact of OpenClaw is assessed based on scenarios: source code builds are not affected, as the locked versions in the lock file are 1.13.5/1.13.6; however, users who installed via npm install -g openclaw@2026.3.28 face historical exposure risks due to the presence of optionalDependencies.axios@^1.7.4 in the dependency chain, which may resolve to axios@1.14.1 during the time window when the malicious version is still online. Currently, npm has reverted the resolution to axios@1.14.0, but environments that were installed during the attack window are still advised to be checked. Slow Fog has provided inspection commands and IoC paths for various platforms; if the plain-crypto-js directory is found, even if the package.json has been cleaned, it should still be regarded as high-risk execution traces. It is recommended that affected hosts immediately rotate credentials and conduct host-side inspections. Previously, Slow Fog founder Yu Xian reminded that OpenClaw version 3.28 may introduce a toxic version of axios, and users need to urgently check.

Slow Fog founder Yu Xian issued a security reminder stating: We are fairly certain that if the user's OpenClaw is the latest version 3.28, it may introduce a poisoned axios, please be cautious in your checks.In addition, related Skills may also rely on axios, leading to indirect poisoning. Due to the widespread use of axios, a comprehensive check can be conducted under certain conditions.

OpenClaw founder Peter Steinberger posted on the X platform that the next version of OpenClaw will also adopt MCP (Model Context Protocol), allowing users to replace Anthropic's message channel model context protocol, thereby connecting to a wider range of message providers. Peter Steinberger also admitted that this adjustment is "a bit awkward," but it will significantly expand OpenClaw's message access capabilities and ecological compatibility.In response to community concerns that OpenClaw is "biased" towards OpenAI, Peter Steinberger also stated that OpenClaw supports various software from Microsoft's Teams, Matrix to WhatsApp.

OpenClaw founder Peter Steinberger posted on the X platform that the Discrawl 0.2.0 version has been released, with significant optimizations in data synchronization speed.Currently, he has been using this tool daily to analyze the core pain points and user feedback in the OpenClaw Discord community.

According to a security alert released by GoPlus Security, Silverfort security researchers discovered a serious vulnerability in OpenClaw's skill repository ClawHub. Attackers can bypass all protective mechanisms by calling the internal function downloads:increment, allowing them to inflate the download count to over 20,000 in just a few minutes with a single curl request, thereby pushing malicious skills to the top of search rankings and enticing users or AI Agents to install them automatically.Once the malicious skill is running, it can steal sensitive data such as cryptocurrency wallets and API keys. The vulnerability has been patched within 24 hours. GoPlus advises users that a high download count does not equal safety and recommends using AgentGuard for security scanning and protection.

According to official news, Binance announced that AI Pro is about to launch. Previously, Binance had started internal testing of "Binance AI" for some users, and the new AI feature allows users to create OpenClawAI Agent with one click on the platform.