We track changes that affect production deployments: security, releases, ecosystem shifts, and policy guidance. For a clean, citable changelog, use our Release Notes hub (with RSS).
Operator takeaway (read this first)
OpenClaw is powerful because it can connect to real tools (email, docs, shells, APIs). That also means the main risk is supply-chain + permission abuse via third‑party skills/extensions or unsafe configuration.
This page is informational and references third‑party sources. Validate details before making security decisions.
Latest headlines
Updated: 2026-02-09 · Release notes
| Date | Topic | Why it matters to businesses |
|---|---|---|
| 2026-02-05 | China issues security warning about OpenClaw deployments | Signals mainstream adoption — and higher scrutiny. Expect more focus on audits, identity controls, and secure configs. |
| 2026-02-05 | Marketplace/skills risk: reports of prompt-injection/backdooring + leaked credentials | Confirms the #1 ops rule: treat third‑party skills as executable code. Lock permissions and isolate the runtime. |
| 2026-02-02 | Malicious skills targeting crypto users reported on ClawHub | Reinforces need for allowlists, code review, and “no manual terminal commands” policy in your org. |
| 2026-01-29 | Official OpenClaw release notes: channels/models/web chat updates + security commits | Good: rapid iteration. Risk: frequent changes. Businesses need version pinning + change control. |
Source list (for your team):
How we can help (fast)
SEO keywords we target
This page is designed to rank for long‑tail queries like:
Tip: when you update, add 2–4 bullets per headline and keep dates in ISO format (YYYY‑MM‑DD).