OpenClaw’s Massive 9‑Day Overhaul: New Architecture, Plugin SDK, and GPT‑5.4 Upgrade
After a nine‑day silence, OpenClaw released version 2026.3.22‑beta.1, delivering a complete rewrite of its plugin system with a new SDK and ClawHub distribution, extensive Windows security hardening, model upgrades to GPT‑5.4 and MiniMax M2.7, UI refinements across Android, Telegram and Feishu, and agent engine improvements such as longer timeouts and a /btw side‑question command.
Release Overview
OpenClaw announced the preview version 2026.3.22‑beta.1 after a nine‑day pause on GitHub. The release is positioned as a major architectural overhaul rather than a minor patch.
Plugin System Reconstruction
The old openclaw/extension-api has been removed without a compatibility layer. A brand‑new modular openclaw/plugin-sdk/* replaces it, forcing all third‑party plugins to migrate. Plugin distribution now defaults to ClawHub; npm is used only when a package is unavailable on ClawHub, improving ecosystem purity.
Security Hardening
Four critical security issues were addressed:
SMB credential leakage: Remote file:// or UNC paths could trigger automatic SMB authentication, leaking Windows credentials. The new version blocks such remote paths in media loading and sandbox attachment handling.
Execution‑environment sandbox: Environment variables MAVEN_OPTS, SBT_OPTS, GRADLE_OPTS, GLIBC_TUNABLES, and DOTNET_ADDITIONAL_DEPS are now blocked, closing injection vectors for Java and .NET runtimes.
Unicode zero‑width character spoofing: Previously, Hangul filler characters could hide malicious commands in approval dialogs. The update fully escapes these characters in gateway and macOS approval interfaces.
Webhook pre‑authentication: Unauthenticated callers could consume up to 1 MB/30 s of server resources. The new limit is 64 KB/5 s with per‑IP concurrency caps, making the update mandatory for public deployments.
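The approval-dialog item above is the kind of fix that is easy to get subtly wrong, so here is an added example (not OpenClaw's code, and not taken from the release) of escaping invisible code points before a command string is displayed. The names INVISIBLE, hex and escapeForApproval are hypothetical, and the sample string is constructed.

```javascript
// Added example, not OpenClaw code. All names here are hypothetical.
// Default_Ignorable_Code_Point covers the Hangul fillers (U+115F, U+1160,
// U+3164, U+FFA0). Their general category is Lo (letter), so a filter that
// only checks Cf (format) characters lets them through. Cf adds zero-width
// and bidi controls; Cc adds raw control characters such as tab and newline.
const INVISIBLE = /^[\p{Default_Ignorable_Code_Point}\p{Cf}\p{Cc}]$/u;

function hex(ch) {
  return ch.codePointAt(0).toString(16).toUpperCase();
}

// Returns the string to show in the approval prompt plus a list of the
// code points that were made visible, so the UI can also raise a warning.
function escapeForApproval(text) {
  let display = '';
  const hidden = [];
  for (const ch of text) { // iterates by code point, not by UTF-16 unit
    if (ch === '\\') {
      display += '\\\\'; // escape literal backslashes so output is unambiguous
    } else if (INVISIBLE.test(ch)) {
      hidden.push('U+' + hex(ch).padStart(4, '0'));
      display += `\\u{${hex(ch)}}`;
    } else {
      display += ch;
    }
  }
  return { display, hidden };
}

// Constructed sample: a benign command padded with a Hangul filler, a
// zero-width space and a right-to-left override.
const sample = 'echo ok\u3164\u200B\u202Edone';
console.log(escapeForApproval(sample));
```

Emoji joiners and variation selectors are default-ignorable too, so they are also shown escaped, which is usually acceptable in a prompt whose job is to show exactly what will run.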
Model Ecosystem Expansion
The default OpenAI model switches to GPT‑5.4, with forward‑compatible gpt-5.4-mini and gpt-5.4-nano. MiniMax upgrades from M2.5 to M2.7 and consolidates its API and OAuth entry points into a single plugin. Anthropic’s Claude becomes accessible via Google Vertex AI, and other models such as xAI’s Grok, Z.AI’s GLM 4.5/4.6, and Mistral receive updated pricing metadata.
Multi‑Platform Experience
UI refinements include system‑wide dark mode on Android, a new rounded‑slider control, Telegram’s automatic DM‑forum topic generation, and Feishu’s structured approval cards with real‑time reasoning stream rendering. Browser integration now connects directly to Chromium‑based browsers via userDataDir, and the sandbox backend supports pluggable OpenShell and SSH backends instead of being Docker‑only.
Agent Engine Enhancements
Long‑dialog compression (Compaction) now extends its runtime deadline to avoid mid‑compression timeouts.
Compressed sessions automatically repair orphaned tool_result blocks, preventing downstream Anthropic request failures.
Default agent timeout increased from 600 seconds to 48 hours, removing the 10‑minute ceiling for long‑running ACP sessions.
New /btw command lets users insert a side‑question that the AI answers without affecting the main conversation context.
Implications
The breadth of changes signals that the OpenClaw team has moved beyond rapid feature‑star accumulation toward a disciplined engineering focus on reliability, security, and extensibility, aiming to become a trusted AI‑agent platform for production use.
