OpenClaw Ships Major Security Overhaul in v2026.3.31

OpenClaw pushed a release that directly addresses the 104 CVEs disclosed in February - plugin and skill installs now reject dangerous code by default, node commands stay disabled until pairing approval, and inbound event signatures are verified before pairing. The changes are breaking: mixed shared-token gateway configs are rejected, exec approvals default to 30-minute windows, and dangerous-tool name overrides are replaced with semantic approval classes where only read-only operations auto-approve. A unified SQLite-backed task control plane consolidates agent, cron, and CLI execution into one surface. Fifty-one contributors including researchers from AntAI Security Lab are credited. The security hardening is overdue given the scale of the February disclosure, though shipping this many breaking changes in one release will test how much of the install base actually upgrades.