OpenClaw 2026.6.10 Beta: Fast Mode, Smarter Routing, and NVIDIA Doubles Down

🦞 OpenClaw 2026.6.10 Pre-Release: What Shipped Today

Automatic Fast Mode Is the Headline Feature

The standout change in today's 2026.6.10 pre-release is something that sounds simple but is actually a meaningful UX improvement: OpenClaw can now automatically enable fast mode for short conversational turns, then return to normal mode when a longer or more complex run is needed. Bounded fallback and delivery behavior are preserved throughout the transition.

This matters because fast mode has historically been a manual toggle — a configuration decision operators made once and lived with, even when it was the wrong choice for mixed-workload agents. Most real OpenClaw deployments handle both quick reactive questions and lengthy research or coding runs in the same session. Forcing a static mode selection meant either paying for speed on work that didn't need it, or accepting sluggish responsiveness on conversational turns that were just "quick checks." Auto-detection changes that calculus cleanly.

Crucially, the PR also ensures fast-mode state survives retries, fallback transitions, and progress events. The old behavior could lead to confusing situations where a retry mid-turn would silently drop the fast-mode context. That inconsistency is gone.

"OpenClaw can enable fast mode for short conversational turns, then return to normal mode for longer runs with bounded fallback and delivery behavior." — 2026.6.10 release notes

Model Routing Gets More Consistent

The second headline cluster is a set of provider-level fixes that bring Zai model synthesis, GLM overload failover, and native reasoning-level selection in line with the active model catalog. In plain terms: when OpenClaw routes a request to a model, the routing logic now consistently uses the correct base URLs, overload classifications, and reasoning controls for the model that's actually live — not stale cached metadata from a previous catalog state.

Zai and GLM are both Chinese providers that have seen growing uptake globally as strong alternatives for cost-sensitive or data-residency-sensitive deployments. GLM-5.2 was added to the catalog in the previous 2026.6.8 release, and today's fix ensures failover behavior actually works under overload — something that matters in production environments where you cannot afford silent request drops.

This is part of a broader pattern in OpenClaw's recent releases: the core team is methodically cleaning up the multi-provider routing layer. The ecosystem now spans OpenAI, Anthropic, Google, Zai, GLM, Ollama, Codex, and more. Each provider has quirks, auth patterns, and failure modes. Getting that routing layer right is unglamorous but operationally essential.

Safer Session and Channel State

Two additional fixes address session and channel state hygiene. First, channel switches now reset stale origin fields — meaning if you switch an agent from one channel to another, you won't get phantom delivery behavior from the previous channel's context leaking into the new one. Second, cron delivery awareness stays attached to the correct target session, fixing a class of bugs where scheduled jobs would deliver outputs to the wrong session after session changes.

The session state fixes continue a theme from the entire 2026.6.x release series: OpenClaw is systematically eliminating the scenarios where stale state creates invisible, hard-to-diagnose misbehavior. For operators running agents that span multiple channels, rotate sessions, or use cron jobs for scheduled delivery, these are the kinds of fixes that prevent confusing incidents at 2 AM.

Trusted Policies Survive Hook Composition

There is a quieter but significant security fix in 2026.6.10: composed hook registries now preserve the trusted tool policies required by approval-sensitive flows. In prior versions, composing hook registries — a pattern used for modular plugin architecture — could inadvertently drop trusted policy markers, breaking approval flows without surfacing a clear error. The symptom was subtle: tools that should have required user approval would proceed without it after certain composition patterns.

This is the kind of bug that appears in security audits, not support tickets. Most users would never hit it, but for deployments using composed hooks to build layered approval logic (especially in enterprise contexts where different teams own different tool permission tiers), it was a real risk. Credit to contributor @jesse-merhi for the fix.

📦 OpenClaw 2026.6.9 Is Now Stable — A Quick Recap

With 2026.6.10 now in pre-release, it is worth noting that 2026.6.9 reached stable status yesterday. If you are running a production deployment and are not comfortable with a beta, 2026.6.9 is the current recommended stable build. Its key features include richer Telegram HTML delivery, standalone npm provider plugins, iOS Apple Watch controls for agents, Codex GPT integration improvements, and the sweeping agent recovery overhaul that fixed the most common classes of stuck-agent behavior from the 2026.6.8 cycle.

The SDK transcript identity target API also shipped as a separate companion item — useful for external tooling that needs to reference or manipulate transcript endpoints programmatically. The OpenClaw team has been quietly building out the SDK surface as a foundation for richer integrations.

🔒 Security Tip of the Day

⭐ Skill of the Day: active-maintenance

👥 Community Highlights

Competitors Are Starting to Matter

One of the most interesting signals in the OpenClaw ecosystem this week is The Information's report that Hermes from Nous Research is closing the gap on OpenClaw by some measures. Hermes is a newer agent harness that has been iterating rapidly on multi-model support and a simpler configuration surface. The piece is behind a paywall, but the headline alone is notable: this is the first time a named competitor has been framed by a credible tech outlet as genuinely catching up rather than simply existing in the same space.

What does this mean for OpenClaw operators? Probably not much in the short term — Hermes is not shipping a plugin ecosystem at ClawHub's scale, and the community moat OpenClaw has built through skills, channel integrations, and enterprise endorsements is real. But competition is healthy. The fact that a credible alternative is emerging means OpenClaw can no longer assume the personal AI agent space is a single-player market. Pressure to maintain quality, stability, and operator trust — all themes in the recent release train — will only increase.

5,400+ Skills and Growing in awesome-openclaw-skills

The awesome-openclaw-skills repository from VoltAgent now catalogs and categorizes over 5,400 skills from the official OpenClaw Skills Registry. Updated within the past week, it covers everything from academic research utilities and music video rendering to voice-failover calling integrations that pivot from text to phone calls on delivery failure. The sheer breadth of that catalog is now one of OpenClaw's strongest competitive advantages: no other personal agent framework comes close to this density of community-built integrations.

The ElevenLabs CLI integration highlighted in the catalog is worth noting specifically — a skill that gives your agent an actual voice and a fail-safe mechanism that escalates to a real phone call if a text message or email fails to deliver. That is the kind of thing that sounds like a demo but is increasingly useful for real-world agent deployments handling time-sensitive communications.

OpenClaw SDK Transcript APIs Expanding

The transcript identity target API that shipped alongside 2026.6.9 stable is part of a broader SDK surface expansion. OpenClaw Chronicles covered this in detail, noting that the stable transcript runtime APIs open new paths for external tooling to interact with agent session history in structured ways. For teams building on top of OpenClaw — dashboards, audit tools, workflow integrations — this is the kind of stable API they've been waiting for to build against without worrying about breakage between releases.

🌐 Ecosystem News

NVIDIA Goes Deeper on OpenClaw — NemoClaw and Agent Blueprints

NVIDIA's commitment to OpenClaw is deepening from endorsement toward infrastructure. The company formally endorsed OpenClaw at GTC in March 2026 and has since shipped NemoClaw — a policy-based security layer — alongside an Agent Toolkit that combines OpenShell, AI-Q blueprints, and Nemotron open models. This week, The New Stack published an in-depth interview with Nader Khalil from NVIDIA on why the company is backing OpenClaw and what the agent blueprints architecture looks like at enterprise scale.

"An agent is an LLM and a harness." — Nader Khalil, NVIDIA, on why OpenClaw's architecture aligns with their enterprise agent blueprint strategy.

The practical implication of NVIDIA's involvement is significant. NemoClaw provides the missing infrastructure layer that makes OpenClaw viable in more conservative enterprise environments — sandboxing, privacy routing, and policy-based controls that go beyond what raw OpenClaw provides out of the box. For teams that want the power of OpenClaw but need to satisfy enterprise security and compliance requirements, the NemoClaw layer is increasingly the answer.

Khalil's framing — that every enterprise will soon ship its own specialized AI agents — is also worth sitting with. OpenClaw's personal-assistant roots are clearly evolving. The platform is becoming genuine enterprise infrastructure, whether or not that was always the plan.

ClawHub SkillSpector: Semantic Security at Scale

The OpenClaw team's collaboration with NVIDIA on ClawHub's security pipeline is now fully live. The key new addition is SkillSpector: an AI-assisted semantic scanner that flags risks traditional malware scanners miss entirely. Hidden instructions, risky code paths, overbroad capabilities, dependency issues, and mismatches between a skill's declared purpose and its actual behavior are all in scope.

Every new skill version published to ClawHub now passes through a pre-catalog verification gate where an OpenAI Codex agent receives output from three independent scanners — ClawHub's own static analysis, VirusTotal, and SkillSpector — and produces a unified Skill Card with a verdict: Clean, Suspicious, or Malicious. That card is publicly visible on the skill detail page and accessible from the CLI via openclaw skills verify <slug> --card.

The dataset backing SkillSpector is also being published as an open dataset so the broader community can build on it. That is the right move for a problem this new and this fast-moving — no single registry can defend agentic risk on its own, and making the analysis artifacts public invites the research community to help improve them.

Google DeepMind Publishes AI Control Roadmap for Agentic Systems

Outside the OpenClaw ecosystem proper, Google DeepMind published a technical blog and AI Control Roadmap this week describing a defense-in-depth framework for running agentic systems in production. The framework includes a threat taxonomy based on MITRE ATT&CK and introduces the concept of "supervisor AIs" — agent overseers that monitor and constrain running agents. This is exactly the direction the broader agent security space needs to move, and it validates many of the governance patterns OpenClaw has been building toward in its runtime authority and approval flow work.

For OpenClaw operators, the DeepMind framework is worth reading not because it directly affects your deployment today, but because it will almost certainly influence the security expectations enterprise buyers have of agent platforms in the next 12–18 months. Understanding the threat taxonomy now means you can audit your OpenClaw deployment against a structured framework rather than ad hoc intuition.