English
中文
Deutsch
HomeArticle

The WeChat Lobster plugin crashed after just 72 hours on the market due to an update from OpenClaw.

爱范儿2026-03-24 12:13
Did WeChat fail to pay OpenClaw?

After waking up, many netizens found that the shrimp in WeChat couldn't be used anymore. The reason was a major update of OpenClaw yesterday.

APPSO strongly recommends at the beginning that if you want to raise shrimp in WeChat, don't upgrade to the latest version of OpenClaw for now.

When we tried to update the OpenClaw at hand to the latest version, sure enough, several warnings popped up one after another during the update process.

Not only WeChat (openclaw - weixin in the following picture), but also the Tencent - based qqbot, the enterprise WeChat wecom - openclaw - plugin, and other chat applications such as Feishu that we configured before all encountered the warning of "dangerous code pattern detected".

During the process of updating from version 3.13 to 3.23, the Tencent - based qqbot, enterprise WeChat, and WeChat almost all encountered similar warnings.

The so - called warning of "dangerous code pattern detected" generally means that there are some writing methods in the relevant plug - in code that may bring security risks, stability problems, or be maliciously exploited.

It is different from an error. An error means that there is a clear problem with the code, the program cannot continue normally, or the result is unreliable.

After the update was completed, we tried to talk to Clawbot in WeChat to control the locally deployed OpenClaw, but sent several messages in a row without a response.

Checking the official log of OpenClaw, we found that the information sent to Clawbot in WeChat could not be synchronized to OpenClaw for processing at all. Instead, there were several error messages, prompting that the module of OpenClaw's plugin - sdk could not be found.

Error: Cannot find module 'openclaw/plugin-sdk'

However, QQ Bot can still respond normally.

WeChat ClawBot cannot connect to OpenClaw after the update.

When we followed the prompt of WeChat's official Clawbot plugin and reinstalled Clawbot by entering commands in the terminal, problems of not being able to find relevant modules began to appear in OpenClaw's running log.

What has OpenClaw updated? Is it also a "messy codebase"?

OpenClaw can now be said to be a top - notch open - source project on GitHub. Almost every day, someone submits optimization code for it, and the official basically updates a new release version every 2 - 3 days. Each time, there are a large number of code fixes, changes, and major overhauls.

It can be seen from GitHub that OpenClaw is updated quite frequently.

In this update of 2026.3.22 - beta.1, the Openclaw team carried out a refactoring. For the plugin system, they made two major changes.

Removed the original main entrance: Previously, all plugins could directly obtain the required functions from the unified entrance of openclaw/plugin - sdk. In this update, the official directly deleted this main entrance.

No transition plan provided: The update log clearly states "no compatibility shim". It means that they not only directly deleted this module but also didn't provide an interface for transfer and transition.

Why did OpenClaw make such a drastic update?

Although it is very torturous for ordinary users of WeChat Clawbot, from the perspective of software engineering, the official did this mainly for performance and security.

The previous unified entrance mode would cause the plugin to load the entire development package (SDK) into the memory at once, even if it only used a small part of the functions. This would make the software bloated and slow.

Now the official requires the use of segmented paths (for example, it must be written precisely as openclaw/plugin - sdk/core), which is to force plugin authors to "take what they need", thereby significantly improving the startup speed of Openclaw.

In addition, the update log also mentions "blocking cross - package escape of relative paths". It means that the previous old interface was too loose, and a slightly malicious plugin may access other data on your computer beyond its authority. Now, forcing the use of the new segmented interface is to tightly confine each plugin in its own small box.

OpenClaw also immediately updated the instructions in its official documentation, stating that this update is mainly to achieve on - demand loading, improve the startup speed and save memory, and on the other hand, to make the API interfaces clearer.

The plugin update of OpenClaw mentions why the change was made, what changes were made, and how plugin developers should modify their code.

Forcing compliance with API rules means that plugins can only use public and stable interfaces (that is, the things in openclaw/plugin - sdk/*) to obtain capabilities.

If everyone uses relative paths to secretly access the underlying private code, once the official modifies the folder name of the underlying code, it will directly intercept and report an error.

It was blocked just 72 hours after its release

The reason is obvious. It is that the WeChat clawbot plugin can't find the way to connect with OpenClaw.

The authors of the WeChat and enterprise WeChat plugins used the old rules when writing the code, and the code was hard - coded to look for tools in openclaw/plugin - sdk.

When we started the new version of Openclaw, the program read this line of code in the WeChat plugin and searched the system - only to find that the official had deleted this path.

The operating environment of OpenClaw uses the Node.js platform. It is a strict machine. If it can't find something, it will immediately report an error: Error: Cannot find module 「openclaw/plugin - sdk」, and then directly stop working, causing our WeChat and enterprise WeChat not to even load. Not to mention sending messages to it and getting a response.

However, QQBot can still be used normally. The main reason is that the warning of dangerous code at the beginning is only for the strict static code scanning tool introduced in this update, and the warning will not prevent the plugin from running.

There has been a lot of discussion about this on social media. Some people say, "If WeChat wants to continue to make good use of this plugin, it must seriously learn about the relevant knowledge of the open - source ecosystem."

Some people refute, saying that OpenClaw itself is very unstable and is constantly being updated and modified.

「Even if WeChat wants to adapt to the open - source, why not just say that the API design of OpenClaw is too bad? The interfaces at the beginning of the project were just a mess, and it would crash with a slight modification.」

Indeed, the responsible practice in the open - source community is usually to first mark the old interface as "deprecated", retain the running ability but pop up a warning, give developers a few months of transition period, and then completely delete it in the next major version.

This time, WeChat painstakingly updated a version and launched the "real WeChat lobster" that supports functions such as QR code login and message sending and receiving. Some netizens even found that in the publicly available plugin installation package of WeChat, it is the first time that WeChat has opened the protocol for personal robots.

Link: https://www.npmjs.com/package/@tencent - weixin/openclaw - weixin

But just after taking such a big step, it was "stabbed in the back" by an update of OpenClaw.

This article is from the WeChat official account “APPSO”, author: Discovering tomorrow's products. It is published by 36Kr with authorization.

该文观点仅代表作者本人,36氪平台仅提供信息存储空间服务。

For media inquiries, interview requests, business collaboration and Recruit global ecological partners, please contact mohaiying@36kr.com.
Partner:startuprad.io

36kr Europe (eu.36kr.com) delivers global business and markets news, data, analysis, and video to the world, dedicated to building value and providing business service for companies’ global expansion.

© 2024 36kr.com. All rights reserved.