March 1, 2026 · Release · Security · Skills · Ecosystem

v2026.2.23 Security Hardening, 226K Stars, Amazon Agent Rules

OpenClaw v2026.2.23 delivers the most significant security hardening release yet — SSRF policy overhaul, credential redaction, symlink escape prevention, and HSTS support. Meanwhile, GitHub stars surge past 226K, Amazon mandates AI agent identification by March 4, and Perplexity launches Computer as a managed alternative. Plus: 386 malicious skills discovered on ClawHub trigger a community reckoning on supply-chain safety.


🦞 OpenClaw Updates

Release v2026.2.23: The Security Hardening Release

OpenClaw v2026.2.23 is arguably the most security-focused release in the project's history. With over 215,000 GitHub stars and rapidly growing enterprise adoption, the team has responded to increasing scrutiny by locking down multiple attack surfaces simultaneously. This isn't a routine patch — it's a systematic overhaul of how OpenClaw handles trust boundaries.

SSRF Policy Overhaul: The biggest breaking change in this release is the shift of the browser SSRF (Server-Side Request Forgery) policy to "trusted-network" mode by default. Previously, OpenClaw's browser automation had relatively permissive network access, which security researchers flagged as a risk vector for agents running on corporate networks. The new default blocks requests to private network ranges unless explicitly configured. Users running legacy configurations can migrate with openclaw doctor --fix, but SEN-X strongly recommends reviewing your network policies manually rather than auto-migrating.
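To make the "block private ranges unless explicitly configured" rule concrete, here is an added Python sketch of such a destination check. It is not OpenClaw's code or configuration format: check_url, trusted_nets and the constructed DNS table are hypothetical names chosen for this illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed name -> address table so the example runs offline.
CONSTRUCTED_DNS = {
    "intranet.example": ["10.20.0.5"],
    "public.example": ["93.184.216.34"],
}

def system_resolver(host):
    """Real lookup: every address the name currently resolves to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def constructed_resolver(host):
    return CONSTRUCTED_DNS.get(host, [])

def normalize(addr):
    """Parse an address; judge IPv4-mapped IPv6 (::ffff:10.0.0.1) as IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def is_internal(ip):
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def check_url(url, trusted_nets=(), resolver=system_resolver):
    """Return (allowed, reason) for one outbound request (hypothetical policy)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "unsupported scheme or missing host"
    host = parts.hostname
    try:
        ipaddress.ip_address(host)
        addrs = [host]                  # IP literal: nothing to resolve
    except ValueError:
        addrs = resolver(host)          # name: check what it resolves to
    if not addrs:
        return False, f"{host} did not resolve"
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    # Every resolved address must pass; one internal record is enough to block.
    for addr in addrs:
        ip = normalize(addr)
        if is_internal(ip) and not any(ip in net for net in trusted):
            return False, f"{host} resolves to internal address {addr}"
    return True, "ok"
```

The check only holds if the connection is then made to the address that was checked; resolving the name a second time at connect time reopens the gap.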

HTTP Security Headers: The release adds optional HSTS (HTTP Strict-Transport-Security) headers for deployments serving the Gateway over HTTPS directly rather than behind a reverse proxy. This is a welcome addition for users who expose their OpenClaw Gateway to the internet — a growing pattern as remote access becomes more common. The implementation includes proper validation, tests, and documentation to prevent misconfiguration.

Credential Redaction: Sensitive dynamic keys like env.* are now automatically redacted in configuration snapshots. This is critical — prior versions could inadvertently expose API keys through config.get responses, particularly dangerous when agents are configured to share diagnostic information. The fix preserves restore behavior while blocking exposure, meaning you can still back up and restore configurations without losing keys, but they won't appear in plaintext in logs or responses.

Session Cleanup: The new openclaw sessions cleanup command introduces disk-budget controls and safer transcript handling. As agents generate increasingly large conversation histories, storage management has become a real operational concern. This feature helps prevent storage overflows and reduces the risk of stale transcripts containing sensitive information persisting on disk indefinitely.

Skills Packaging Security: The skills system now rejects symlink escapes and XSS-vulnerable prompts in image galleries. This directly addresses the supply-chain concerns raised by the discovery of 386 malicious skills on ClawHub (more on that below). Skills attempting directory traversal via symlinks will be blocked during installation.

ACP Client Permissions: Agent Communication Protocol (ACP) client permissions now demand trusted tool IDs with scoped read approvals, preventing unauthorized file access through tool-calling chains. This closes a subtle but serious attack vector where a malicious skill could request file reads outside its intended scope.

Source: CyberSecurity News · GitHub Releases

SEN-X Take

This release reflects the natural maturation of an open-source project that has exploded from developer toy to enterprise infrastructure. The SSRF default change will break some setups — budget time for migration. The credential redaction fix should have been there from day one, but better late than never. If you're running OpenClaw in any production capacity, upgrade to v2026.2.23 immediately. The combination of SSRF lockdown, credential protection, and skills sandboxing represents a meaningful improvement in the platform's security posture. Run openclaw update today.

GitHub Stars Surge Past 226,000

According to the official OpenClaw Newsletter dated February 25, OpenClaw has reached 226,887 GitHub stars with 43,412 forks and 852 contributors. This makes it the fastest-growing open-source AI agent platform and one of the fastest-growing open-source projects of any kind in 2026. For context, the project had 140,000 stars and 20,000 forks as recently as February 2 — meaning it gained roughly 87,000 stars and 23,000 forks in just over three weeks.

The growth is driven by mainstream media coverage (CNBC, Fortune, Wired), the Moltbook viral moment, and an expanding ecosystem that now includes over 5,700 skills on ClawHub. CrowdStrike published a security analysis calling OpenClaw an "AI Super Agent," while Perplexity CEO Aravind Srinivas referenced it as the benchmark when launching his company's competing product.

Source: OpenClaw Newsletter 2026-02-25

Peter Steinberger Joins OpenClaw

The OpenClaw team has launched what appears to be a new "Builders" content series, with Peter Steinberger featured as the inaugural episode on February 25. Steinberger is a well-known figure in the developer community, particularly in the Apple/iOS ecosystem as the founder of PSPDFKit. His hiring signals OpenClaw's push toward building a world-class engineering team as the project transitions from community-driven effort to a more structured organization.

Source: Serenities AI Deep Dive

🔒 Security Tip of the Day

Audit Your ClawHub Skills — 386 Malicious Skills Found

The discovery of 386 malicious skills on ClawHub in February 2026 is a wake-up call for every OpenClaw user. These weren't theoretical risks — at least one incident involved a Meta researcher's inbox being deleted by a compromised skill. Supply-chain attacks on agent platforms are particularly dangerous because skills have access to your agent's full tool set, including email, file system, and browser.

What to do right now:

  • Run openclaw skills list and review every installed skill — do you recognize and trust each one?
  • Check skill source repositories on GitHub before installing — look for recent commits, known maintainers, and community reviews
  • Enable the new skill/plugin code safety scanner added in v2026.2.23
  • Use openclaw doctor --fix to apply the latest security defaults including symlink escape prevention
  • Scan skill URLs on VirusTotal before installation — especially for skills from unknown authors

Remember: OpenClaw's AGENTS.md template already includes the rule "ALWAYS check skills on VirusTotal before installing. No exceptions." If your agent isn't following this rule, update your AGENTS.md today.
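For the symlink-escape check mentioned in the release notes and in the audit steps above, this added Python example shows what such a check looks for in an unpacked skill directory. It is not OpenClaw's scanner; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def find_symlink_escapes(skill_dir):
    """List (link path, raw target) for every symlink resolving outside skill_dir."""
    root = Path(skill_dir).resolve()
    findings = []
    # followlinks=False: linked directories are reported, never walked into.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = Path(dirpath) / name
            if not link.is_symlink():
                continue
            # realpath follows chained links and tolerates dangling targets.
            target = Path(os.path.realpath(link))
            if target != root and root not in target.parents:
                rel = link.relative_to(root).as_posix()
                findings.append((rel, os.readlink(link)))
    return sorted(findings)

def make_constructed_skill(base):
    """Build a constructed sample tree: one safe link, two escaping links."""
    skill = Path(base) / "skill"
    (skill / "assets").mkdir(parents=True)
    (skill / "README.md").write_text("constructed sample\n")
    os.symlink("../README.md", skill / "assets" / "readme")      # stays inside
    os.symlink("../../outside.txt", skill / "assets" / "notes")  # relative escape
    os.symlink("/etc", skill / "config")                         # absolute escape
    return skill

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, target in find_symlink_escapes(make_constructed_skill(tmp)):
            print(f"ESCAPE {path} -> {target}")
```

A link is judged by where it finally resolves, so a relative target with enough ".." segments is caught the same way as an absolute one.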

⭐ Skill of the Day: summarize

🔧 summarize

What it does: One of ClawHub's top 10 most-installed skills with over 10,000 downloads, Summarize gives your OpenClaw agent the ability to intelligently condense long documents, web pages, email threads, and PDFs into concise, actionable summaries. It supports multi-format input and configurable summary length, making it essential for information-heavy workflows.

Install: npx clawhub@latest install summarize

Source: github.com/openclaw/skills — part of the official OpenClaw skills repository, verified on ClawHub

Safety: This skill is maintained in the official openclaw/skills repository, reviewed by core contributors. It's listed in ClawHub's top 10 by installs. As an official skill, it undergoes the same review process as core OpenClaw code. We verified the ClawHub domain on VirusTotal with no detections.

Why we like it: In the age of information overload, summarization is the single most universally useful agent capability. Whether you're processing a 50-page PDF, a long email chain, or research results from the web, Summarize turns walls of text into structured takeaways. Pair it with the Himalaya email skill for an automated daily email digest — one of our favorite OpenClaw workflows at SEN-X.

👥 Community Highlights

"OpenClaw Is What Apple Intelligence Should Have Been"

A developer post arguing that OpenClaw delivers the actionable AI that Apple Intelligence promised but failed to ship gained massive traction on Hacker News this week, accumulating 518 points and 417 comments. The argument resonated because it touches on a real frustration: Apple's on-device AI features remain limited to text rewriting and basic Siri improvements, while OpenClaw — running locally on the same hardware — can manage email, browse the web, control smart home devices, and execute multi-step workflows autonomously.

The HN discussion was notably nuanced, with security-conscious developers pointing out that OpenClaw's power comes with real risks that Apple's walled-garden approach avoids. Both sides have valid points, and this tension between capability and safety will define the agent space throughout 2026.

Typecast TTS Provider Lands in OpenClaw

PR #10356 adds a new Typecast text-to-speech provider with emotion presets (happy, sad, angry, whisper) and audio tuning controls optimized for Asian language voices. This expands OpenClaw's voice capabilities beyond ElevenLabs and the built-in TTS options, particularly for users who need natural-sounding Korean, Japanese, and Chinese speech output. The Discord community has already started sharing voice comparison clips.

Discord ackReaction Bug Persists

Issue #23577 continues to frustrate Discord channel users — the automatic reaction acknowledgment feature remains broken in the latest version despite valid configuration. With 10 engagement points and growing comments, this is becoming a quality-of-life issue for one of OpenClaw's most popular deployment channels. If you're affected, the community workaround is to use a custom heartbeat handler to manually acknowledge messages.

Source: OpenClaw Newsletter 2026-02-26

🌐 Ecosystem News

Amazon Mandates AI Agent Identification by March 4

Amazon's updated Business Solutions Agreement, effective March 4, 2026, introduces a formal Agent Policy requiring all AI agents operating on Amazon's platform to identify themselves and comply with new rules. This is one of the first major platform-level regulations specifically targeting AI agents rather than AI-generated content. For OpenClaw users running agentic shopping or marketplace automation skills, this means your agent will need to properly identify itself when interacting with Amazon services — or risk account suspension.

The broader implication is significant: as AI agents move from novelty to mainstream tool, platforms will increasingly require agent identification. Expect similar policies from Google, Microsoft, and other major platforms throughout 2026. OpenClaw's architecture — where the agent operates under a named identity with a clear audit trail — is actually well-positioned for this shift.

Source: PPC Land

Perplexity Launches "Computer" — An OpenClaw for Everyone Else

Perplexity CEO Aravind Srinivas launched "Computer" on February 26, explicitly positioning it as an OpenClaw-like agent experience for non-technical users. Available initially to Perplexity Max subscribers with a broader rollout planned, Computer aims to turn "powerful but intimidating agent tools into something closer to a shared digital workspace that non-experts can actually use," according to Fortune's coverage of the launch. The framing is telling — OpenClaw has become the reference point that other products define themselves against.

Source: Fortune

Jira Adds Human-Agent Collaboration

Atlassian rolled out a Jira update that allows AI agents and humans to work side by side on project boards. The company hopes this will help teams produce "10x the work without 10x the chaos." For OpenClaw users who already integrate with Jira via skills, this opens up richer collaboration patterns where your agent can appear as a first-class participant in sprint planning and issue tracking rather than operating through API backdoors.

Source: TechCrunch

New Relic Launches AI Agent Observability Platform

New Relic's new AI agent platform and OpenTelemetry tools address one of the biggest gaps in the agent ecosystem: observability. As organizations deploy agents like OpenClaw in production, understanding agent behavior, performance, and failure modes becomes critical. OpenClaw already supports OTEL diagnostics (with API key redaction improved in v2026.2.23), making it well-suited to integrate with platforms like New Relic for enterprise-grade monitoring.

Source: TechCrunch

ClawHub Ecosystem Reaches 5,700+ Skills

The ClawHub skill registry has grown to over 5,700 skills submitted by developers worldwide, with the top skills by installs being Capability Evolver (35K), Wacli (16K), ByteRover (16K), Self-Improving Agent (15K), ATXP (14K), Gog (14K), Agent Browser (11K), Summarize (10K), GitHub (10K), and Sonoscli (10K). The ecosystem is vibrant but — as the 386 malicious skills discovery shows — growing pains are real. ClawHub is actively working on improved vetting processes.

Source: ClawOneClick · Apiyi Blog

SEN-X Take

March 2026 is shaping up to be a pivotal month for the AI agent space. Amazon's agent identification rules signal the beginning of platform-level regulation. Perplexity's Computer launch validates the category while highlighting OpenClaw's advantage as the open, self-hosted alternative. The v2026.2.23 security hardening couldn't be more timely given the malicious skills discovery. Our advice: upgrade immediately, audit your skills, and start thinking about agent identification policies before the platforms force your hand. The wild-west era of AI agents is ending — and that's a good thing for everyone building seriously on this technology.
