OpenClaw v2026.2.6 Released With Support for Opus 4.6,

OpenClaw v2026.2.6 has been released, bolstering security in response to growing concerns regarding malicious skills within its ecosystem. This update introduces a new code safety scanner and model support, directly addressing recent vulnerabilities highlighted by researchers.

OpenClaw, an open-source framework for local AI agents handling tasks like email management and crypto trades via WhatsApp or Telegram, launched version 2026.2.6 on February 7, 2026.

Key additions include support for Anthropic’s Opus 4.6 and OpenAI’s GPT-5.3-Codex models with forward-compatibility fallbacks, plus xAI Grok integration.

A new web UI token usage dashboard and native Voyage AI memory support enhance usability, while session history payloads are capped to prevent context overflow.

The update features a skill and plugin code safety scanner, redacting credentials from config responses to curb leaks. Developers added authentication requirements for Gateway canvas hosts and A2UI assets, alongside hardened Control UI asset handling during updates.

Exec approvals now coerce string allowlists to objects, and cron scheduling fixes include robust timer re-arming to resolve regressions.

This release follows reports of 283-341 malicious or leaky skills in ClawHub, OpenClaw’s marketplace, including credential stealers for macOS and Windows.

Snyk found 7.1% of nearly 4,000 skills mishandle secrets like API keys and credit cards via LLM context windows. Zenity disclosed indirect prompt injection risks, enabling backdoors through trusted integrations like Google Docs to steal files or deploy C2 beacons.

Security firms urge isolating OpenClaw instances and auditing code, as its autonomy grants broad access to banking apps and files. China’s Ministry of Industry warned of cyber threats from misconfigurations, noting over 100,000 GitHub stars and 2 million weekly visitors.

Trend Micro highlighted bypassed guardrails in customizable setups, while Veracode called the plugin ecosystem a risk amid rapid growth.

OpenClaw’s persistent memory and proactive notifications enable high-stakes automation but amplify risks. With clouds like Alibaba and Tencent offering hosted versions, enterprises face new agentic AI challenges.

The safety scanner aims to scan ClawHub submissions, potentially partnering with VirusTotal for marketplace integrity, though details remain unconfirmed.

Telegram DMs now auto-inject thread IDs, Slack strips mentions in commands, and Chrome extensions resolve bundled paths. Compaction retries handle context overflows, with clearer billing errors. Agents bump pi-mono to 0.52.7 for Opus compatibility.

OpenClaw’s GitHub repo, formerly Clawdbot or Moltbot, hit viral status in November 2025. Users praise autonomy for DevOps and smart home control, but experts stress secure configs. As AI agents escape labs, v2026.2.6 signals proactive hardening.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.