English
中文
Deutsch
HomeArticle

Just now, OpenClaw has undergone its most significant upgrade! A complete overhaul of the underlying architecture. The entire network has been waiting for 9 days.

新智元2026-03-24 08:54
Finally, it's here.

[New Intelligence Yuan Introduction]

After a 9-day hiatus, the big update is finally here! Just now, OpenClaw has received its largest version upgrade to 3.22. The plugin architecture has undergone a major overhaul, GPT-5.4 has made its debut, and the security protection has been further enhanced.

After 9 consecutive days of no updates on GitHub, OpenClaw has finally come up with a bombshell!

Just now, Peter Steinberger officially announced with great fanfare that the preview version of OpenClaw "2026.3.22-beta.1" is now available.

The most notable feature of version 3.22 is a complete reconstruction of the "plugin system".

A brand - new public plugin SDK (openclaw/plugin-sdk/*) has been launched, and the old extension API has been completely abandoned.

Meanwhile, the OpenClaw official has confirmed that ClawHub plugins will be the preferred distribution channel, significantly improving the purity of the ecosystem.

Security is also a major focus this time. For Windows users, the system has added interception and strengthened the execution environment.

GitHub link: https://github.com/openclaw/openclaw/releases/tag/v2026.3.22-beta.1

It's worth mentioning that the OpenClaw model configuration has also been upgraded to GPT-5.4.

In addition, the UI interaction, long - conversation compression mechanism, dark mode on the Android side, and multi - platform notification logic have all been refined and fixed.

As soon as the new version of OpenClaw was released, the whole network went into a frenzy, and many people were eager to try it.

Today's OpenClaw has become even more powerful!

After a 9-day hiatus, the new version of OpenClaw has taken the whole network by storm

This update is not a minor tweak but a major overhaul of the underlying architecture.

During the preview stage, the father of OpenClaw posted a picture of a lobster, hinting at the major move after 9 days of no updates.

Today's major upgrade has finally shown everyone what a real game - changer looks like!

Here's a summary of the core points of this update:

1. Complete overhaul of the plugin system: The old API has been completely removed, the new SDK has taken over comprehensively, and ClawHub has become the official preferred distribution channel.

2. Major security overhaul: More than a dozen vulnerabilities, such as Windows credential leakage, environment variable injection, and Unicode approval camouflage, have been blocked at once.

3. Expansion of the model camp: GPT-5.4 has become the default model, MiniMax M2.7 has been integrated, and Anthropic Vertex has been officially connected.

4. Refined user experience: Android dark mode, Feishu interactive cards, automatic naming of Telegram topics, and iteration of the long - conversation compression mechanism.

The major reconstruction of the plugin system marks the end of the old era

The most core change in version 3.22 can be summarized in one sentence: the plugin ecosystem of OpenClaw has undergone a complete transformation.

The old openclaw/extension - api has been completely removed, with no compatibility layer and no transition period.

In its place is a brand - new modular interface, openclaw/plugin - sdk/*.

How drastic is this change? All existing third - party plugins that still use the old API need to be migrated.

The official has even removed the old nano - banana - pro image generation skill wrapper, and now all image generation goes through the agents.defaults.imageGenerationModel path.

Meanwhile, the default source for plugin installation has also changed. Previously, when you executed "openclaw plugins install", the system would directly fetch packages from npm.

Now, ClawHub has become the preferred source. Only when a package cannot be found on ClawHub will the system fall back to npm.

The reason for this is that npm is essentially a general - purpose package manager, and anyone can publish packages, resulting in uneven quality. In contrast, ClawHub is a plugin market maintained by the OpenClaw official, with stricter reviews and more controllable sources.

The "purification movement" of the plugin ecosystem has officially begun.

What's even more noteworthy is the expansion of "ecosystem" compatibility.

Version 3.22 has added support for discovering and installing plugin packages for three major mainstream development tools: Claude, Codex, and Cursor. It can automatically map the Skills in external plugin packages to the skill system of OpenClaw.

This means that in the future, the useful plugins you use in Cursor may be directly used in OpenClaw.

From a closed tool framework to an open platform that can absorb external ecosystems - this step has been taken very decisively.

Security reinforcement: plugging all the critical holes this time

If the plugin reconstruction is a forward - looking layout, then the security fixes are a response to the most urgent current issues.

Version 3.22 has applied more than a dozen security patches, several of which are quite critical.

The first major vulnerability: SMB credential leakage on Windows.

Previously, attackers could construct special file:// or UNC paths to trigger Windows to automatically initiate an SMB authentication handshake during the media loading process.

At this time, your OpenClaw thinks it is about to load an image, but in fact, it is sending your Windows login credentials out.

Version 3.22 has comprehensively intercepted such remote paths in the core media loading and sandbox attachment paths.

The second: Reinforcement of the execution environment sandbox.

The new version has directly blocked JVM injection paths such as MAVEN_OPTS, SBT_OPTS, and GRADLE_OPTS, plugged the GLIBC_TUNABLES exploitation channel, and intercepted the.NET DOTNET_ADDITIONAL_DEPS dependency hijacking.

In short, all the environment variable injection attacks of mainstream build toolchains have been blocked at once.

The third: Unicode zero - width character approval camouflage.

Previously, some people found that they could use invisible Hangul Filler code points to camouflage the approval prompt of an execution command, making the operator unable to see the real command content during approval. Version 3.22 has comprehensively escaped such characters in the gateway and the macOS native approval interface.

The fourth: Pre - authentication protection for voice call Webhooks.

The old version allowed unauthenticated callers to consume server resources with a large buffer window of 1MB/30 seconds. The new version has reduced the pre - authentication body read limit to 64KB/5 seconds and limited the number of concurrent pre - authentication requests per IP.

For users with public - network deployments, this version is not a "recommended update" but a "must - update".

Further expansion of the model ecosystem: GPT-5.4 takes the lead

At the model level, version 3.22 has made several substantial upgrades.

The default OpenAI model has been officially switched to GPT-5.4. At the same time, forward - compatible support for gpt - 5.4 - mini and gpt - 5.4 - nano has been pre - set, allowing seamless access as soon as the models are launched.

On the MiniMax side, the default model has been upgraded from M2.5 to M2.7. The previously separate API and OAuth plugin entrances have been merged into a single minimax plugin, significantly reducing the configuration complexity.

Another highlight is the official connection of Anthropic Vertex. Now, you can directly call the Claude model through Google Vertex AI, including GCP authentication and automatic discovery.

For teams running business on Google Cloud, the value of this path is self - evident.

In addition, the Grok directory of xAI has been synchronized to the latest version, the GLM of Z.AI has been updated to the 4.5/4.6 series, and the misleading "zero - cost" pricing metadata of Mistral has finally disappeared.

The positioning of OpenClaw as a "model router" is being recognized by more and more leading large - model manufacturers.

Multi - platform experience: every detail is being refined

This kind of update may not be eye - catching, but it has the most obvious impact on the user experience.

The Android side finally supports the system - following dark mode, covering everything from the boot page to the chat page to the voice page. The Control UI has added a "rounded slider", allowing users to customize the roundness of the interface, freely adjusting from sharp corners to full circles.

There have been significant changes on Telegram. DM forum topics can now be automatically renamed.

After the first message comes in, the system will use an LLM to generate a meaningful topic tag instead of a meaningless ID. It also supports the silent error reply mode, where the error messages of the robot can be set not to emit a notification sound.

The upgrade of Feishu is also worth mentioning.

Structured interactive approval cards and quick - operation startup cards have been added. It supports the binding of ACP and sub - agents in the current session and has supplemented the rendering of the reasoning stream. The thinking process is displayed in real - time in the form of a Markdown quote block on the same card.

In terms of browser integration, the old Chrome extension relay path has been completely removed, and now it supports direct connection to Chromium - based browsers such as Brave and Edge through userDataDir.

The sandbox system has also undergone an architectural upgrade. Pluggable backend support has been added, and the first batch of backends, OpenShell and SSH, have been launched. Sandbox management is no longer tied to the Docker single - solution.

Agent engine: smarter compression, more relaxed scheduling

There are several points at the Agent level that are worth mentioning separately.

The long - conversation compression mechanism (Compaction) has undergone multiple rounds of iteration.

The new version will automatically extend the running deadline during the compression process to avoid large - scale session compression being terminated due to timeout.

After compression, it will automatically repair isolated tool_result blocks to prevent residual data in the historical records from causing problems in subsequent Anthropic requests. The compression of empty sessions will finally not get stuck in an infinite loop.

The default Agent timeout has been directly increased from 600 seconds to 48 hours.

ACP sessions running long - term tasks no longer have to be restricted by the default 10 - minute limit.

There is also a thoughtful new function: the /btw command. During a conversation, you can insert a "side - note question" at any time with /btw. The AI will answer quickly without affecting the context of the current session.

It's like whispering a side question to a colleague during a meeting and then continuing the meeting.

What has been achieved after 9 days of silence?

One major version in 9 days.

This update rhythm shows that the OpenClaw team has moved beyond the stage of "piling up features to gain stars" and has started to do serious engineering.

该文观点仅代表作者本人,36氪平台仅提供信息存储空间服务。

For media inquiries, interview requests, business collaboration and Recruit global ecological partners, please contact mohaiying@36kr.com.
Partner:startuprad.io

36kr Europe (eu.36kr.com) delivers global business and markets news, data, analysis, and video to the world, dedicated to building value and providing business service for companies’ global expansion.

© 2024 36kr.com. All rights reserved.