Back to OpenClaw News v2026.2.2: Feishu/Lark Support & Agents Dashboard
February 3, 2026 Release Security Ecosystem

v2026.2.2: Feishu/Lark Support & Agents Dashboard

New release brings Feishu/Lark integration for the Chinese market, a Web UI Agents dashboard, and the most security-dense release yet.

Share

🦞 OpenClaw Updates

Release v2026.2.2: Going Global

OpenClaw v2026.2.2 is packed with features that signal the project's international ambitions:

Feishu/Lark Support: Thanks to contributor @jiulingyun from the openclaw-cn community, OpenClaw now supports Feishu/Lark — ByteDance's enterprise communication platform used by millions in China. This opens the door for Chinese enterprise deployments.

Agents Dashboard: The Web UI gets a comprehensive Agents dashboard for managing agent files, tools, skills, models, channels, and cron jobs — all from a single interface. This dramatically reduces the need for config file editing.

QMD Memory Backend: A new opt-in memory backend that provides workspace-level memory with advanced querying capabilities.

Security: The Most Fixes in a Single Release

v2026.2.2 includes an extraordinary number of security fixes, many from first-time security contributors:

  • Gateway /approve commands now require operator.approvals permission (credit: @mitsuhiko — yes, that mitsuhiko, creator of Flask)
  • Matrix allowlists require full MXIDs — ambiguous name resolution no longer grants access
  • Skill installer downloads guarded with SSRF checks (blocks private/localhost URLs)
  • Windows exec allowlist hardened to block cmd.exe bypass via single &
  • Voice call inbound allowlist hardened — anonymous callers rejected
  • Control UI stored XSS prevented via assistant name/avatar sanitization

Source: GitHub Release Notes

SEN-X Take

The volume of security fixes reflects two things: OpenClaw's growing attack surface as it gains users, and the healthy security research community forming around it. The mitsuhiko contribution is notable — attracting open-source legends to contribute security fixes is a strong signal of the project's importance. Every one of these fixes should be treated as a mandatory upgrade.

🔒 Security Tip of the Day

Guard Against SSRF in Skill Installers

Before v2026.2.2, skill installers could potentially download from internal/private URLs — a Server-Side Request Forgery (SSRF) vector. If your agent is on a corporate network, this could expose internal services.

Update immediately. If you can't update right away, restrict your agent's network access using firewall rules to block outbound requests to RFC1918 addresses (10.x.x.x, 172.16-31.x.x, 192.168.x.x) from the OpenClaw process.

⭐ Skill of the Day: backend-patterns

🔧 backend-patterns

What it does: A comprehensive reference for backend architecture patterns, API design, and database management. Your agent becomes a knowledgeable backend architecture consultant that can advise on system design decisions.

Install: npx clawhub@latest install backend-patterns

Source: github.com/openclaw/skills (verified on ClawHub, listed in awesome-openclaw-skills under Coding Agents & IDEs)

Why we like it: Another knowledge-based skill that's safe by design — it contains reference material, not executable code. Great for architecture reviews and design discussions with your agent.

👥 Community Highlights

The Chinese developer community's contributions — Feishu support, zh-CN documentation — mark a significant moment for OpenClaw's internationalization. The project now has meaningful communities in English, Chinese, German, and Japanese.

🌐 Ecosystem News

Healthcheck Skill: A new official healthcheck skill and bootstrap audit guidance were added, making it easier to verify that your OpenClaw installation is configured securely. Run openclaw doctor after upgrading to get the latest checks.

Need help with OpenClaw deployment?

SEN-X provides enterprise OpenClaw consulting — architecture, security hardening, custom skill development, and ongoing support.

Contact SEN-X →
← Back to all articles