Open-source, self-hosted AI agent platform OpenClaw released its latest release, version 2026.3.22, bringing a wave of improvements across plugin management, AI integrations, and platform security.
This update adds the ClawHub plugin marketplace and expands model support to include MiniMax M2.7, GPT-5.4-mini/nano models, and per-agent reasoning capabilities. Additionally, the release incorporates integration with OpenShell and SSH sandbox environments, alongside connectivity to external search tools such as Exa, Tavily, and Firecrawl.
According to the GitHub document, one of the headline changes is a revamped plugin installation flow. When running openclaw plugins install, the system now prioritizes OpenClaw’s own marketplace — ClawHub — before falling back to npm. This means users get curated, verified packages by default, with npm still available as a safety net. Updating plugins has also been improved: developers can now target specific versions or distribution tags on npm-tracked installs without losing their recorded package specs.
OpenClaw is doubling down on AI integrations. The default OpenAI model has been upgraded to GPT-5.4, with Codex following suit. All OpenAI services — chat, image generation, text-to-speech, transcription, and embeddings — now draw from a single shared configuration module, making setup cleaner and more consistent.
Perhaps most notably, this release introduces a native Anthropic Claude provider via Google Vertex AI, complete with full GCP authentication and discovery. Teams already running on Google Cloud infrastructure can now access Claude models directly through OpenClaw without additional middleware.
Rounding out the AI news, this release adds support for discovering and installing Codex, Claude, and Cursor bundles, with their skills automatically mapped into the OpenClaw skill system.
OpenClaw 2026.3.22
— OpenClawClawHub plugin marketplace
MiniMax M2.7, GPT-5.4-mini/nano + per-agent reasoning
/btw side questions
OpenShell + SSH sandboxes
Exa, Tavily, Firecrawl search
This release is so big it needs its own table of contents. https://t.co/XvRbXEduGC(@openclaw) March 23, 2026
Notably, this release addresses several meaningful security concerns. Proxy spoofing protection has been improved by ensuring that loopback hops in trusted forwarding chains are now ignored, while devices are restricted from requesting permissions beyond what their session allows. Admin scope lockdown has been strengthened so that proxy-authenticated sessions can no longer self-declare admin or secrets-level access without a verified device identity. In addition, malicious download protection has been enhanced by applying the same size limits and timeouts to error responses from remote media sources as those used for successful downloads, thereby closing a potential vector for unbounded memory attacks.
Users can now install directly from GitHub’s main branch via openclaw update –tag main, useful for teams tracking bleeding-edge builds. A fix has also landed for plugin callback routing, ensuring that interactive buttons — such as Telegram’s Codex picker — no longer accidentally fall through to general message handlers.
A beta build of v2026.3.22 is available on npm. macOS users should note that the desktop app remains on the previous stable release, with no new macOS binary attached to this beta.
The post OpenClaw Upgrades Its AI Arsenal And Closes Security Gaps In Latest Release appeared first on Metaverse Post.
