Tool Use

OpenClaw v2026.5.6 addresses critical OAuth routing issues, plugin fetch header handling, and debug proxy normalization. The release reverts a problematic repair from v2026.5.5 that incorrectly rewrote OpenAI Codex OAuth routes, which could break GPT-5.5 setups. Additional fixes improve fetch request handling across plugins, debug proxies, and web requests to prevent symbol metadata rejection and resource cleanup issues.

OpenAI Agents Python v0.15.3 is a maintenance release focused on bug fixes and stability improvements. Key fixes address MCP (Model Context Protocol) tool input schema mutations, JSON validation for non-object inputs, deterministic error handling for duplicate tools, and audio delta tolerance during format negotiation. The release includes documentation updates and expanded test coverage for edge cases.

OpenClaw v2026.5.5 is a maintenance release focused on fixing critical bugs across multiple messaging platforms (Feishu, LINE, Telegram, Discord, Matrix, Slack), improving control UI responsiveness and session management, resolving provider integration issues (xAI/Grok, Fireworks), and enhancing diagnostic tools. Key improvements include fixing message routing, webhook validation, tool progress rendering, approval delivery retries, and heartbeat timeout handling. The release also addresses plugin management, media handling, and gateway stability issues.

Claude Code v2.1.131 addresses two critical bugs: a VS Code extension activation failure on Windows caused by a hardcoded build path in the bundled SDK's createRequire polyfill, and Mantle endpoint authentication failures due to a missing x-api-key header. These fixes improve cross-platform compatibility and API authentication reliability.

OpenAI Agents Python v0.15.2 introduces context management model settings and fixes critical issues with conversation session replay, tool execution, and error handling. The release includes 11 bug fixes addressing assistant conversation item IDs, function tool tracing, MCP tool metadata isolation, and stream terminal rejection. Comprehensive test coverage improvements ensure reliability across realtime tool behaviors, handoff mechanisms, and tool identity helpers.

Claude Code v2.1.129 introduces plugin URL fetching, improved output synchronization, and auto-update capabilities for package managers. The release includes refinements to model discovery, history search behavior, and skill overrides, along with numerous bug fixes addressing UI regressions, cache handling, OAuth issues, and policy enforcement. Key improvements enhance terminal compatibility, conversation management, and enterprise security features.

langchain-classic version 1.0.6 release includes security hardening fixes for deserialization and manifest loading, a dependency bump for jupyter-server, and version-specific handling for hub.pull deprecation. The release focuses on improving robustness against untrusted inputs and maintaining compatibility with the classic API.

LangChain Core version 0.3.85 was released with a critical security fix that hardens the `load()` function against untrusted manifests. This patch addresses potential vulnerabilities when loading manifests from untrusted sources. The release follows version 0.3.84 and includes security improvements to the core library.

langchain-core version 1.3.3 was released with security hardening, deprecation fixes, and stability improvements. Key changes include protecting the `load()` function against untrusted manifests, preserving structured inputs on tool runs in tracers, and validating batch_size to prevent infinite loops. The release also includes dependency updates and marks stream_v2/astream_v2 as beta features.

LangChain version 0.3.29 was released with critical security improvements. The release includes fixes to restrict deserialization in the langchain.storage._lc_store module and hardening of the load() function against untrusted manifests. These changes enhance the security posture of the framework by preventing potential deserialization attacks and manifest injection vulnerabilities.

langchain-fireworks version 1.3.1 is a patch release that addresses three key issues: requiring explicit API key configuration in FireworksEmbeddings, fixing a release versioning issue, and correcting how ToolMessage text content blocks are processed by removing non-wire protocol keys. This update ensures proper authentication handling and improves compatibility with the Fireworks API.

LangChain released langchain-mistralai version 1.1.4, a patch update that fixes an issue with ToolMessage handling. The primary change strips non-wire keys from ToolMessage objects to ensure proper serialization and compatibility with Mistral AI integration. This is a maintenance release addressing a specific bug in the mistralai package integration.

OpenClaw v2026.5.4 is a performance and stability release featuring improved Google Meet/Voice Call integration with Twilio's realtime Gemini voice bridge, enhanced plugin metadata caching to reduce cold scans, better Windows gateway binding, and numerous UI/UX improvements in the control dashboard. The release includes dependency updates, diagnostic enhancements, and fixes for plugin resolution, secrets management, and channel configuration. Key improvements focus on reducing startup latency, improving voice agent responsiveness, and streamlining operator workflows.

This cookbook demonstrates building a vulnerability-discovery agent using the Claude Agent SDK that automatically threat-models C source code, hunts memory-safety bugs using built-in file tools (Read, Grep, Glob), and generates structured security reports. The agent operates in a multi-turn session with a bootstrap threat-modeling phase, an interview phase for owner input, and automated vulnerability finding and triage loops. The approach reduces false positives compared to traditional static analyzers by using Claude's reasoning to identify high-confidence memory-safety issues in a read-only sandbox environment.

OpenClaw v2026.5.4-beta.3 introduces significant improvements to voice call handling through Twilio/Gemini integration with paced audio streaming and backpressure management, enhances plugin performance by reusing workspace-scoped metadata snapshots to avoid cold scans, and delivers numerous stability fixes across gateway startup, secrets management, and channel resolution. The release includes performance optimizations for control UI chat interactions, improved diagnostics for slow gateway operations, and expanded QA tooling for desktop-based testing. Key fixes address Windows loopback binding, external plugin contract resolution, and session-store channel ID validation.

OpenClaw v2026.5.4-beta.2 introduces significant improvements to voice call integration with Google Meet/Twilio, enhanced plugin management with better migration hints and metadata caching, and substantial performance optimizations across the gateway and control UI. Key updates include Gemini voice bridge streaming for Meet participants, plugin auto-enablement refinements, secrets handling improvements, and comprehensive performance enhancements reducing startup overhead. The release also adds diagnostic tooling for QA testing and improves developer experience with better error handling and logging.

Claude Code v2.1.128 introduces improvements to session management, MCP server handling, plugin architecture, and terminal UI. Key updates include random color selection for sessions, better MCP server visibility with tool counts, support for ZIP plugin archives, and fixes for environment variable inheritance in subprocesses. The release also addresses numerous bugs affecting focus mode, drag-and-drop uploads, markdown rendering, and parallel shell execution.

OpenClaw v2026.5.4-beta.1 introduces a bundled file-transfer plugin for binary file operations, enhances Google Meet/Voice Call integration with Twilio's realtime Gemini voice bridge, and delivers significant performance improvements across the gateway startup, plugin loading, and UI rendering. The release includes numerous UX refinements for chat controls, streaming progress visualization, and agent command steering, plus expanded QA/testing capabilities for Discord and Slack integrations.

crewAI v1.14.5a2 is a bug fix release addressing critical issues in task output handling, token counting, async operations, and LLM configuration. Key improvements include fixing task output restoration in finally blocks, preserving outputs across async batch flushes, and preventing incorrect final answer returns from hooks and errors. The release also enhances the CrewAIRagAdapter with proper kwargs forwarding and improves BaseModel input handling.

OpenClaw v2026.5.3 introduces a bundled file-transfer plugin with secure binary file operations, hardens plugin installation workflows, and optimizes Gateway startup performance through lazy-loading. The release improves channel reliability across Discord, WhatsApp, Telegram, and other platforms, adds new agent steering commands, and fixes critical issues in realtime transcription, plugin updates, and systemd secret management.