惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
Attack and Defense Labs
Attack and Defense Labs
V2EX - 技术
V2EX - 技术
O
OpenAI News
S
Secure Thoughts
H
Heimdal Security Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Schneier on Security
Schneier on Security
H
Hacker News: Front Page
S
Security Affairs
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Vercel News
Vercel News
Microsoft Security Blog
Microsoft Security Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
P
Proofpoint News Feed
The Register - Security
The Register - Security
GbyAI
GbyAI
Cloudbric
Cloudbric
MongoDB | Blog
MongoDB | Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
K
Kaspersky official blog
Forbes - Security
Forbes - Security
Y
Y Combinator Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
Scott Helme
Scott Helme
Hacker News - Newest:
Hacker News - Newest: "LLM"
The Cloudflare Blog
Recorded Future
Recorded Future
人人都是产品经理
人人都是产品经理
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
Webroot Blog
Webroot Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
L
LangChain Blog
T
Tor Project blog
Microsoft Azure Blog
Microsoft Azure Blog
博客园_首页
Hacker News: Ask HN
Hacker News: Ask HN
Blog — PlanetScale
Blog — PlanetScale
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
B
Blog RSS Feed
N
News and Events Feed by Topic
阮一峰的网络日志
阮一峰的网络日志
I
Intezer
V
V2EX
T
Tailwind CSS Blog
SecWiki News
SecWiki News
NISL@THU
NISL@THU
C
Check Point Blog

OpenClaw Blog

Skill Workshop: Turn Agent Work Into Reusable Skills OpenClaw Collaborates with NVIDIA for Stronger Agent Skill Security Auto Mode Is the Safer Way to Let Agents Run Commands - OpenClaw Blog Safer Than YOLO: Auto Mode for Exec Approvals OpenClaw Is Getting Faster, Smaller, and Easier to Trust Where OpenClaw Security Is Heading OpenAI Models in OpenClaw, Done Right How OpenClaw Got Safer in Public OpenClaw Partners with VirusTotal for Skill Security Introducing OpenClaw
OpenClaw Had a Rough Week
Peter Steinberger · 2026-05-05 · via OpenClaw Blog

OpenClaw blog

What happened around the 2026.4.24 and 2026.4.29 releases, why the direction was right, and what we are changing now.

TL;DR: OpenClaw had a rough week. 2026.4.29 made it obvious. Sorry. We are making core smaller, moving optional stuff to ClawHub, and announcing LTS separately later in May.

The trouble started around 2026.4.24. By 2026.4.29 it was obvious enough that nobody could pretend this was just a few weird installs. Gateways got slower. Some installs got stuck in plugin dependency repair loops. Discord, Telegram, WhatsApp and other channels behaved worse than they should. People downgraded. People lost time.

This was not one bug. Plugin dependency repair ran in startup and update paths, bundled and external plugins were half-split, ClawHub artifact metadata was still settling, and gateway cold paths did too much work.

That sucks. I’m sorry.

We’ve been pushing OpenClaw to become smaller, safer and more infrastructure-grade. That means less magic in core, fewer bundled dependencies, clearer plugin boundaries, better scanning, better release hygiene, better security posture. All the boring stuff that matters once people run this as actual infrastructure and not just as my weird lobster playground.

Recent npm ecosystem supply-chain incidents made this feel a lot less theoretical. OpenClaw did not directly depend on Axios; the relevant risk was the shape of the dependency graph: transitive packages, install-time behavior, postinstall scripts, packages pulling packages pulling packages.

So we started moving things out of core: channels, providers, heavy tools, parsers, optional integrations. The plugin inventory shows what still ships in core, what installs separately, and what is source-checkout only.

The problem: I underestimated how difficult it would be to get this right. For a few releases we ended up in the worst middle state: too much moved toward plugins, while too many plugins were still bundled, repaired, staged, checked, or dependency-loaded in places users feel immediately.

This also exposed an operating problem: OpenClaw was still too founder-driven. Too much release, review, packaging and support work sat with me. Through the OpenClaw Foundation, and with help from OpenAI, we are building a real team around the project.

Going forward, we’ll be changing how releases are done, and will soon announce an LTS release next to our faster update cycles.

Thank you to everyone who reported issues, pasted logs, tested betas, downgraded, upgraded again, or just waited while we dug through this.

OpenClaw will keep getting more secure. It will also get smaller. But it has to stay boringly reliable while we do that.