[Release] openclaw/openclaw v2026.3.22: openclaw 2026.3.22
By steipete (github)
OpenClaw v2026.3.22 is a major release with significant breaking changes focused on modernizing plugin architecture, standardizing tool paths, and improving security. Key updates include migrating from the legacy extension API to a new public plugin SDK, replacing the Chrome extension relay with native session management, standardizing image generation tools, and implementing stricter sandbox security controls. The release also introduces ClawHub integration for package management, new marketplace support, and enhanced plugin discovery mechanisms.
Key Points
- Plugin SDK migration: Replace `openclaw/extension-api` with new `openclaw/plugin-sdk/*` surface; bundled plugins must use injected runtime for host-side operations
- ClawHub preference: `openclaw plugins install` now prefers ClawHub over npm for npm-safe names, with npm as fallback only when ClawHub lacks the package/version
- Browser config modernization: Remove legacy Chrome extension relay; run `openclaw doctor --fix` to migrate to `existing-session`/`user` modes; Docker/headless flows use raw CDP
- Image generation standardization: Consolidate on core `image_generate` tool; remove `nano-banana-pro` skill wrapper; use `agents.defaults.imageGenerationModel` for built-in generation
- Message discovery refactor: Require `ChannelMessageActionAdapter.describeMessageTool(...)` for shared message tool discovery; remove legacy `listActions`, `getCapabilities`, `getToolSchema` methods
- Environment variable cleanup: Remove legacy `CLAWDBOT_*` and `MOLTBOT_*` env names; migrate to `OPENCLAW_*` equivalents across runtime, installers, and test tooling
- State directory migration: Remove `.moltbot` auto-detection; move state to `~/.openclaw` or set `OPENCLAW_STATE_DIR`/`OPENCLAW_CONFIG_PATH` explicitly
- Sandbox security hardening: Block JVM injection (`MAVEN_OPTS`, `SBT_OPTS`, etc.), glibc tunable exploitation, .NET dependency hijacking, and restrict Gradle init script redirects
- Discord command reconciliation: Switch to Carbon reconcile by default to prevent slash command churn during Discord restarts
- Voice webhook security: Reject missing provider signatures before body reads; reduce pre-auth budget to 64 KB/5s; cap concurrent pre-auth requests per IP to prevent buffering attacks
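
A sketch of the voice-webhook pre-auth controls from the last key point, as an added example that is not OpenClaw's own code. The signature header name, the per-IP cap of 4 and the HTTP status codes are assumptions; only the 64 KB / 5 s budget comes from the release notes.

```javascript
// Added illustration, not OpenClaw source code.
// From the release notes: 64 KB / 5 s pre-auth budget, per-IP concurrency cap,
// signature presence checked before the body is read.
// Assumptions: header name, cap of 4, and the HTTP status codes returned.
const MAX_PREAUTH_BYTES = 64 * 1024;
const MAX_PREAUTH_MS = 5000;
const MAX_INFLIGHT_PER_IP = 4;                   // assumed value
const SIGNATURE_HEADER = "x-provider-signature"; // hypothetical header name

class PreAuthGate {
  constructor() {
    this.inflight = new Map(); // ip -> number of unverified requests in flight
  }

  // Run when the request headers arrive, before any body byte is buffered.
  admit(ip, headers, nowMs) {
    if (!headers[SIGNATURE_HEADER]) return { ok: false, status: 401 };
    // A declared length over budget is refused without reading anything.
    if (Number(headers["content-length"]) > MAX_PREAUTH_BYTES) {
      return { ok: false, status: 413 };
    }
    const count = this.inflight.get(ip) || 0;
    if (count >= MAX_INFLIGHT_PER_IP) return { ok: false, status: 429 };
    this.inflight.set(ip, count + 1);
    return { ok: true, ip, bytes: 0, deadline: nowMs + MAX_PREAUTH_MS, open: true };
  }

  // Run for every body chunk; returns 0 to continue or a status to abort with.
  // Covers chunked bodies and senders that lie about Content-Length.
  onChunk(ticket, chunkLength, nowMs) {
    ticket.bytes += chunkLength;
    if (ticket.bytes > MAX_PREAUTH_BYTES) return 413;
    if (nowMs > ticket.deadline) return 408;
    return 0;
  }

  // Run exactly once per admitted request (verified, rejected or aborted).
  // Idempotent so a double call cannot free another request's slot.
  release(ticket) {
    if (!ticket.open) return;
    ticket.open = false;
    const count = this.inflight.get(ticket.ip) - 1;
    if (count > 0) this.inflight.set(ticket.ip, count);
    else this.inflight.delete(ticket.ip);
  }
}
```

The gate only checks that a signature is present; the signature itself still has to be verified over the buffered body before the request is treated as authenticated.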
Artifacts (6)
Migration Command (command)

```bash
openclaw doctor --fix
```

Environment Variable Migration (bash config)

```bash
# Old (deprecated)
CLAWDBOT_*
MOLTBOT_*
# New (use these)
OPENCLAW_*
OPENCLAW_STATE_DIR
OPENCLAW_CONFIG_PATH
```

Image Generation Config (yaml config)

```yaml
agents:
  defaults:
    imageGenerationModel:
      primary: "google/gemini-3-pro-image-preview"
```

Browser Profile Configuration (yaml config)

```yaml
browser:
  profiles:
    <name>:
      userDataDir: "/path/to/chrome/user/data"
```

Plugin Install Commands (bash command)

```bash
openclaw plugins install <package>
openclaw plugins install clawhub:<package>
openclaw skills search|install|update
openclaw update --tag main
```

State Directory Migration (bash command)

```bash
# Move legacy state to new location
mv ~/.moltbot ~/.openclaw
# Or set explicit paths
export OPENCLAW_STATE_DIR="/custom/state/path"
export OPENCLAW_CONFIG_PATH="/custom/config/path"
```