OpenClaw’s Rapid Evolution: 10+ Updates in 20 Days, Adding Gemini 3.1 & Apple Watch

iOS Ecosystem: Mobile Leap in 20 Days

OpenClaw delivered an iOS Alpha on February 9, followed by a share‑extension on February 17 that lets users push URLs, text, or images directly from the system share menu. On February 19 the Apple Watch companion launched, enabling inbox view, notifications, and quick‑reply actions, with APNs wake‑up ensuring background reliability. By February 21 the watch bridge passed actions to the iOS app and Talk Mode automatically disabled voice interruption when using the built‑in speaker.

Architecture Evolution: Nested Sub‑agents Unlock Complex Tasks

The core breakthrough was the Subagents system. On February 15 OpenClaw introduced nested sub‑agents (sub‑sub‑agents) controlled by the maxSpawnDepth parameter, limiting each agent to five child nodes and adding depth‑aware tool strategies. By February 21 the default depth was stabilized at maxSpawnDepth=2, allowing a single orchestrator to generate a hierarchy of tasks. Automatic context truncation and chunk‑wise re‑reading prevent crashes when tool output exceeds the context window, giving OpenClaw the ability to handle multi‑level workflows.

Discord: The Mainstage for Multi‑Agent Collaboration

Discord became the primary channel for OpenClaw users. February 13 added voice messages with waveform previews. February 15 unlocked native UI components (buttons, dropdowns, modals) for structured interactions. February 17 made components reusable and introduced per‑button permission lists. February 21 added real‑time voice channel control via /vc, streaming preview replies, emoji sync, and binding sub‑agent sessions to specific Discord threads. These changes transformed OpenClaw from a simple chatbot into a full‑featured AI native application.

Model Landscape: Model‑Neutral Strategy

OpenClaw expanded its model catalog rapidly: February 6 added Anthropic Opus 4.6 (forward‑compatible) and xAI Grok; February 9 enabled Grok web‑search; February 13 integrated Hugging Face Inference and vLLM with guided setup; February 17 added Anthropic Sonnet 4.6 and a 1‑million‑token context beta; February 21 brought Google Gemini 3.1 Pro preview. Users can now switch among Claude, GPT, Gemini, Grok, and others per task.

Detail Polish: Streaming Experience and Reliability

Slack received native single‑message streaming via chat.startStream/appendStream/stopStream, eliminating the previous edit‑loop hack. The streaming mode defaults on and falls back gracefully on failure. The timer subsystem was overhauled: write‑ahead delivery queues prevent message loss on gateway restarts, and cross‑platform reply routing was unified to stop thread fragmentation.

Security: A 400‑K‑Line Code Battle

Security scrutiny intensified. Kaspersky reported 512 vulnerabilities (8 critical) in a late‑January audit. Shodan scans by researcher Jamieson O'Reilly exposed thousands of unauthenticated instances leaking API keys, bot tokens, Slack credentials, and chat histories. Bitsight counted over 30 000 public instances. CVE‑2026‑25253 (CVSS 8.8) allowed remote code execution via a malicious webpage, even on localhost bindings. Supply‑chain attacks surfaced as the “ClawHavoc” campaign, where malicious skills in the official ClawHub installed keyloggers or Atomic Stealer malware; about 12 % of 2 857 skills were malicious. Cisco labeled OpenClaw “an absolute nightmare from a security perspective” and released an open‑source Skill Scanner. Trend Micro highlighted misconfigurations that leaked millions of records, including API tokens and private messages. In response, OpenClaw upgraded cryptography to SHA‑256, patched SSRF and Windows daemon command‑injection bugs, hardened Docker sandbox policies, removed dangerous flags, added VNC password auth, and introduced owner‑ID HMAC obfuscation.

Funding Shift

On February 16 project founder Peter Steinberger announced his move to OpenAI to lead personal‑agent development, and OpenClaw transitioned to an independent foundation backed by OpenAI funding and technical support. The impact on future security resources remains to be seen.