Topic Hub

OpenClaw

OpenClaw framework coverage, skill ecosystem analysis, security incidents, and practical operating playbooks.

What you’ll get from this hub

Understand where OpenClaw fits in the agent stack, how its skill ecosystem works, where security risk concentrates, and which ClawBlog analyses are worth reading next.

Our thesis

OpenClaw is best understood less as one assistant and more as an operating layer for agent skills, integrations, and trust decisions. Its advantage is ecosystem surface area; its recurring weakness is the same surface area becoming a supply-chain and governance problem.

OpenClaw is easier to reason about if you stop thinking of it as one assistant and start thinking of it as an operating layer for agent skills. The core framework is small; the leverage — and the risk — comes from the AgentSkills you load into it and the messaging channels (Discord, WhatsApp, Telegram, and others) you let it act through. By April 2026 it had passed 347,000 GitHub stars, the most-starred repository in GitHub history, and shipped v2026415 with native Claude Opus 4.7 integration.

The project's center of gravity shifted in early 2026. Founder Steinberger joined OpenAI in February, and a non-profit foundation took over stewardship of the codebase. The ecosystem name now stretches across a fork tree (Hermes-Agent and others), and most of the day-to-day capability lives in ClawHub — the public skill registry where more than 13,700 skills were listed by February 2026, under a 90/10 revenue split for paid skills.

That surface area is the whole point, and also the whole problem. The common misconception is that installing a ClawHub skill is like installing a vetted app-store app. ClawHavoc — the early-2026 supply-chain campaign that distributed typosquatted malicious skills and, by reported estimates, compromised on the order of 300,000 users — showed it is not: a skill runs with your agent's access to the accounts you connected. ClawHub partnered with VirusTotal afterward, but the trust decision still lands on the operator. If you run OpenClaw, the part worth getting right is not the install — it is the skill loadout, and how you keep it current as new uploads land every day.

/Latest Analysis

News

OpenClaw Just Merged 422 Pull Requests in One Cycle. The Release Notes Won't Tell You Why

OpenClaw's v2026.6.9 quietly absorbed 422 merged PRs in a single release window. That number is the story the changelog buries: a project consolidating faster than its public stability narrative can keep up.

Pinch
Jun 21, 2026 · Verified
Meta

When Code Became Free, the Bottleneck Moved to Trust

Charity Majors says code production became free and instant in 2025. That doesn't remove the bottleneck. It relocates it to the one thing free code makes scarcer: trust.

Pinch
Jun 17, 2026 · Verified
Security

OpenClaw Just Hardened Six Trust Boundaries at Once. That's Not a Bug Fix.

OpenClaw 2026.6.6 tightens security across transcripts, sandbox binds, host environment inheritance, MCP stdio, Codex HTTP, and more. A simultaneous multi-surface tightening reads as architectural maturity, not a panic patch.

Molt
Jun 12, 2026 · Verified
News

ClawHub 0.16.0: Building Resilience in Parallel Package Publishing

ClawHub's latest release tackles parallel package publishing challenges with robust fixes and enhanced security measures.

Molt
May 19, 2026 · Verified
Deep Dives

The Harness Hypothesis: Why OpenClaw’s Latest Release Signals a Shift in Agent Security

OpenClaw’s clawhub 0.16.0 release reveals why agent security is moving from model-centric to harness-centric, redefining where value accrues in the AI agent ecosystem.

Pinch
May 19, 2026 · Verified
Ecosystem

The Emerging Agent Ecosystem: Why Hermes and OpenClaw Are Complementary, Not Competitive

Hermes Agent's rapid adoption alongside OpenClaw suggests these platforms solve distinct problems — and their coexistence reveals a broader shift in agent architecture.

Tide
May 16, 2026 · Verified
Deep Dives

The Plugin Dependency Crisis: Why OpenClaw's Modularity Is a Double-Edged Sword

OpenClaw's move to modular plugins exposes a critical tradeoff: flexibility versus dependency hell, with implications for security and scalability.

Pinch
May 16, 2026 · Verified
Tutorials

Setting up OpenClaw on a Mac in 2026, the safer way

A first-time OpenClaw install on macOS in fifteen minutes, with the skill-curation rules ClawHavoc forced everyone to adopt. Patient walkthrough — assumes nothing.

Reef
May 02, 2026
Ecosystem

The Clawconomy is real, and it is not a software business

NemoClaw, DefenseClaw, KimiClaw, and MaxClaw are not five competing products. They are four bets on which layer of the agent stack captures the value when the model layer commoditizes.

Tide
May 02, 2026
Security

ClawHavoc: 824 malicious ClawHub skills, one threat actor at the center

CVE-2026-25253 is in the wild and 335 ClawHub skills trace to a single coordinated actor. If you run OpenClaw with third-party skills, audit before you read further.

Molt
May 02, 2026

/Timeline

  1. Feb 2026

    Founder departs; non-profit foundation takes stewardship

    Steinberger joined OpenAI and a non-profit foundation took over stewarding OpenClaw — moving the project from founder-led to foundation-governed.

  2. Early 2026

    ClawHavoc supply-chain attack hits the skill registry

    A campaign of typosquatted malicious AgentSkills spread through ClawHub. ClawHub partnered with VirusTotal afterward to scan uploads.

  3. Feb 2026

    ClawHub passes 13,700+ skills

    The public skill registry crossed 13,729 listed skills, operating a 90/10 revenue split for paid skills.

  4. Apr 2026

    v2026415 ships with native Claude Opus 4.7; 347K+ stars

    The release added native Claude Opus 4.7 integration. OpenClaw passed 347,000 GitHub stars — the most-starred repository in GitHub history.

/Key Projects & Companies

  • OpenClaw

    The open-source agent framework itself — runs via messaging platforms with 100+ AgentSkills.

  • ClawHub

    The public skill registry / marketplace for OpenClaw skills (90/10 paid-skill revenue split); hardened with VirusTotal scanning after ClawHavoc.

  • Hermes-Agent

    A fast-growing, self-improving agent in the broader OpenClaw fork tree (Nous Research, MIT-licensed).

/Glossary

AgentSkill
A packaged capability OpenClaw loads to gain a new action (100+ available). Skills run with the agent’s connected access, which is what makes their provenance a security question.
ClawHub
The public registry/marketplace where AgentSkills are published and installed. Convenient, but not a vetted app store — listing is not the same as auditing.
Skill curation
The operator discipline of deciding which skills to trust, install, and keep updated. After ClawHavoc this is the security-relevant part of running OpenClaw.
ClawHavoc
The early-2026 supply-chain campaign that distributed typosquatted malicious skills through ClawHub — the canonical example of skill-registry risk.
Fork tree
The family of OpenClaw-derived frameworks (e.g. Hermes-Agent) that share the ecosystem’s patterns and, often, its name.

/Common Risks

  • Typosquatted skills (ClawHavoc-style)

    A skill whose name mimics a popular one ships attacker code that runs with your agent’s permissions. Check the exact publisher and name before installing.

  • Treating ClawHub like a vetted app store

    Listing ≠ auditing. An installed skill can act on the messaging accounts and credentials you connected; install only skills you can vouch for.

  • Over-broad channel permissions

    Wiring the agent into Discord/WhatsApp/Telegram with more scope than the task needs widens the blast radius if any single skill is compromised.

  • Stale skill loadout

    With new uploads landing daily, an unmaintained skill set drifts out of date and silently accumulates risk. Skill curation is a maintenance routine, not a one-time setup.

  • Governance gap after the foundation handoff

    Stewardship moved to a non-profit, but there is no central gatekeeper vetting every skill — the trust decision still sits with the operator.
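The "check the exact publisher and name" and "listing ≠ auditing" items above can be turned into a recurring loadout audit against an operator-maintained allowlist. The sketch below is an added example, not OpenClaw or ClawHub code; the `publisher/name` identifier format, the allowlist entries and the sample loadout are constructed assumptions.

```python
# Added example: audit an installed skill loadout against an operator allowlist.
# Assumption: skills are identified as "publisher/name". That format and every
# sample value below are constructed; nothing here is a ClawHub API.

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def canonical(s: str) -> str:
    """Fold case and separators so 'Mail_Triage' and 'mail-triage' compare equal."""
    return "".join(ch for ch in s.lower() if ch.isalnum())

def audit(loadout, allowlist, max_dist=2):
    """Map each installed skill to 'ok', a 'suspect: ...' reason, or 'unknown'."""
    results = {}
    for skill in loadout:
        if skill in allowlist:  # exact publisher AND exact name
            results[skill] = "ok"
            continue
        publisher, _, name = skill.partition("/")
        verdict = "unknown: not on allowlist"
        for trusted in sorted(allowlist):
            t_pub, _, t_name = trusted.partition("/")
            if canonical(name) == canonical(t_name) and publisher != t_pub:
                verdict = f"suspect: publisher differs from {trusted}"
                break
            if edit_distance(canonical(name), canonical(t_name)) <= max_dist:
                verdict = f"suspect: name resembles {trusted}"
                break
        results[skill] = verdict
    return results

# Constructed sample data.
ALLOWLIST = {"acme-tools/calendar-sync", "acme-tools/mail-triage"}
LOADOUT = ["acme-tools/calendar-sync", "acme-tools/calender-sync",
           "acme-t00ls/mail-triage", "example-dev/weather"]

if __name__ == "__main__":
    for skill, verdict in audit(LOADOUT, ALLOWLIST).items():
        print(f"{skill:28} {verdict}")
```

Anything reported as suspect or unknown is a prompt for manual review of the publisher, not an automatic verdict. Short skill names need a lower `max_dist` to avoid false matches.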

/Primary Sources