📦 update

OpenClaw v2026.3.23-2 Stabilizes Plugin SDK and Hardens Auth for Self-Hosters

Source: Clawly
releaseplugin-sdkself-hostingsecurityauthbrowser-automationClawHubmaintenance

What Happened

OpenClaw shipped v2026.3.23-2 on March 24, two days after the major v2026.3.22 release that introduced ClawHub and the new Plugin SDK. This point release focuses entirely on stability and hardening rather than new features — a deliberate choice to let the ecosystem absorb the breaking Plugin SDK migration before piling on more changes.

The headline fix restores bundled runtime sidecars that were failing during global installs, resolving a critical gap for ClawHub plugin users whose installs were silently breaking. The compatibility checking system now correctly evaluates against the active runtime version, which means self-hosted deployments that had been rolling back to npm fallbacks should see ClawHub-first resolution work as designed.

Security hardening includes new protections against prototype-chain and control-character abuse in channel inputs, fixes for token persistence issues affecting OpenAI auth profiles, and improved single-channel login behavior. The openclaw doctor --fix command was extended with repair options for stale model and provider settings — a direct response to operator complaints after the v2026.3.22 upgrade.

Browser automation reliability also improved: Chrome MCP and CDP attachment paths are more resilient, and web search provider selection now correctly respects active runtime configuration rather than defaulting.

Why It Matters

The speed of this stabilization release — 48 hours after a major breaking-change release — signals that the OpenClaw team is taking the ClawHub ecosystem transition seriously. The Plugin SDK breaking change in v2026.3.22 was the most disruptive change since OpenClaw's launch, and silent install failures could have poisoned early adopter sentiment toward ClawHub. By shipping targeted fixes before the weekend, the team prevented a scenario where self-hosters gave up on ClawHub and stayed on npm-only workflows.

The openclaw doctor --fix extension is particularly significant for enterprise operators who manage fleets of OpenClaw instances. Automated repair reduces the mean time to recover from upgrade issues and makes the self-hosting operational story more credible for teams evaluating OpenClaw against managed alternatives.

What's Next

Self-hosters running ClawHub plugins, single-channel auth flows, or browser automation should upgrade immediately. The recommended process takes 10–15 minutes: check current version, run npm i -g openclaw@latest, execute openclaw doctor --fix, restart gateway, and confirm status. For most operators, this is a high-value maintenance update with low migration risk.

Related

  • OpenClaw Plugin SDK — developer SDK for building and publishing plugins
  • ClawHub — the official OpenClaw skill and plugin marketplace

Related News

📦 OpenClaw v2026.3.22 Ships ClawHub Marketplace, Multi-Model Sub-Agents, and 30+ Security Patches March 23, 2026 🚀 OpenClaw v2026.3.22 Ships New Plugin SDK, ClawHub Marketplace, GPT-5.4 Support March 23, 2026 📦 OpenClaw Ships v2026.3.13-1 Recovery Patch with Compaction Checks and Discord Fixes March 16, 2026 📦 OpenClaw v2026.3.13 Adds Local Backup Commands and Chrome DevTools MCP Browser Mode March 15, 2026

Related Guides

📖 Securing Your OpenClaw Instance: A CVE Patching and Hardening Guide 📖 OpenClaw on a Cheap VPS: Deploy Your Agent for $5/Month 📖 OpenClaw Security & Hardening
← All News Guides Reviews Browse Skills