Version 2026.2.23 of OpenClaw, the open-source personal AI assistant with more than 215,000 GitHub stars, has been released. It emphasizes both sophisticated AI integrations and strong security hardening. For privacy-conscious users deploying AI gateways locally on macOS, Windows, and Linux, this update is a welcome addition as it fixes numerous vulnerabilities and adds features like support for Claude Opus 4.6.

The inclusion of optional HTTP security headers, such as Strict-Transport-Security for direct HTTPS deployments, along with testing, documentation, and validation to reduce man-in-the-middle risks, is a noteworthy feature. In order to prevent storage overflows and data leaks, developers also implemented disk-budget controls, safer transcript handling, and "openclaw sessions cleanup," which hardened session maintenance.

Notably, a breaking change causes the browser's SSRF policy to default to "trusted-network" mode, necessitating explicit configuration for users on private networks. To restore legacy settings, use "openclaw doctor --fix." Configuration and execution risks are the focus of several fixes.

In order to maintain restore behavior while preventing exposure, sensitive dynamic keys like env.* are now redacted in configuration snapshots. To prevent unwanted file access, ACP client permissions require trusted tool IDs with scoped read approvals, and obfuscated commands require explicit approval prior to execution. While OTEL diagnostics redact API keys from logs prior to export, skills packaging rejects XSS-vulnerable prompts and symlink escapes in image galleries.
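One way snapshot redaction can hide env.* and skills.env.* values and still restore correctly, shown as an added example that is not OpenClaw's own code. The sentinel string, the config layout and every function name here are assumptions made for illustration.

```javascript
// Added illustration, not OpenClaw source. The sentinel string, the config
// layout and all function names are assumptions made for this example.
const REDACTED = "__REDACTED__";
// Key patterns named in the article; "*" matches one dynamic key.
const PATTERNS = ["env.*", "skills.env.*"].map((p) => p.split("."));

function isSensitive(path) {
  return PATTERNS.some((pat) =>
    pat.length === path.length && pat.every((seg, i) => seg === "*" || seg === path[i]));
}

// Copy a plain-object tree, replacing each sensitive leaf with visit(path, value).
function walk(node, path, visit) {
  if (node === null || typeof node !== "object" || Array.isArray(node)) return node;
  const out = {};
  for (const [key, value] of Object.entries(node)) {
    if (key === "__proto__") continue; // never copy a prototype-polluting key
    const childPath = [...path, key];
    out[key] = isSensitive(childPath) ? visit(childPath, value) : walk(value, childPath, visit);
  }
  return out;
}
// Own-property lookup along a path; undefined when any segment is missing.
const getAt = (obj, path) => path.reduce(
  (cur, key) => (cur != null && Object.hasOwn(cur, key) ? cur[key] : undefined), obj);

// What gets shown or exported: secrets replaced by the sentinel.
function redactSnapshot(config) {
  return walk(config, [], () => REDACTED);
}

// Writing a snapshot back: a sentinel means "keep the stored secret".
function restoreSnapshot(snapshot, live) {
  return walk(snapshot, [], (path, value) => {
    if (value !== REDACTED) return value; // operator typed a new value
    const stored = getAt(live, path);
    if (stored === undefined) throw new Error(`no stored value for ${path.join(".")}`);
    return stored; // never persist the sentinel itself as a credential
  });
}

// Constructed sample config; the values are placeholders, not real keys.
const live = {
  gateway: { port: 8080 },
  env: { EXAMPLE_API_KEY: "constructed-secret-1" },
  skills: { env: { EXAMPLE_TOKEN: "constructed-secret-2" } },
};
const snapshot = redactSnapshot(live);
snapshot.gateway.port = 9090; // non-secret edit made on the snapshot
const restored = restoreSnapshot(snapshot, live);
console.log(JSON.stringify(snapshot), restored.env.EXAMPLE_API_KEY);
```

The failure mode to watch for in any such scheme is the sentinel being written back as if it were the credential, which is why the restore step refuses a sentinel that has no stored value behind it.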

Together, these safeguards strengthen OpenClaw against stored XSS, SSRF, prompt injection, and credential leaks in production settings.

| Safety | Description of the Fix | Effects |
| --- | --- | --- |
| The SSRF Policy | Legacy allowPrivateNetwork is migrated to trusted-network by default. | Stops unwanted internal requests |
| Redaction of Configurations | Conceals skills.env.* and env.* in snapshots | Prevents the exposure of sensitive keys |
| Executive Security | Identifies and stops obfuscated commands | Prevents injection attacks |
| Capabilities XSS | Evaluates user input in HTML output | Prevents stored cross-site scripting |
| OTEL Redaction | Cleans the diagnostics keys | Keeps telemetry safe in observability |

AI Improvements and Corrections

On the AI front, Providers gain first-class Kilo Gateway support with kilocode/anthropic/claude-opus-4.6 as default, including auth, onboarding, and cache handling. Vercel AI Gateway now normalizes shorthand Claude refs, while tools/web_search adds Moonshot "kimi" provider with improved citation extraction. Media understanding expands with native Moonshot video support and refactored execution for better URL/header precedence.

Per-agent parameter overrides for cacheRetention and bootstrap caching help agents reduce prompt invalidations. The fixes correct model resolution for defaults, improve overflow detection for better failover on 502/503 errors, and extend context pruning to Moonshot/Kimi. Quick caching documents help with optimized deployments by elucidating retention behaviors across Bedrock/OpenRouter.

Only hours ago, Steipete marked this release of OpenClaw v2026.2.23, which features contributions from dozens of developers and highlights OpenClaw's quick development as a safe, multi-model AI hub for messaging apps like Telegram and WhatsApp. It guarantees steady operations in the face of increasing ecosystem demands by fixing issues with Telegram polling, WhatsApp group policies, and provider-specific peculiarities (such as Anthropic OAuth betas).