OpenClaw 2026.6.10 Exits Beta, Rivals Emerge, and Prosus Bets on a Privacy-Safe Fork
OpenClaw's newest pre-release brings automatic fast mode for conversational turns, more reliable model routing across Zai and GLM, and safer session/channel state handling. Meanwhile the competitive picture is shifting fast: Nous Research's Hermes is catching up by some metrics, Prosus is rolling out its own EU-compliant OpenClaw fork, and the community upgrade tracker clawstat.us is telling users to skip 2026.6.9 entirely. Here's everything that matters today.
🦞 OpenClaw Updates
Version 2026.6.10: Fast Mode, Smarter Routing, Safer State
OpenClaw's latest pre-release — tagged 2026.6.10 — landed on June 22 and introduces three meaningful changes that quietly reshape how the runtime feels to use every day.
Automatic fast mode for conversational turns. OpenClaw can now detect short, lightweight exchanges and switch to a faster execution path automatically, then return to full mode when longer or more complex work starts. This is the kind of UX optimization that sounds obvious in retrospect — of course you want a quick acknowledgment to feel snappy and a code-writing session to feel deliberate — but it requires the runtime to reason about turn intent before it picks a strategy. The implementation keeps fast mode state across retries, fallback transitions, and progress events, which means the system doesn't accidentally reset to slow mode mid-conversation. Kudos to contributors @alexph-dev and @vincentkoc for the original pull and the follow-up hardening.
More reliable model routing. Zai model synthesis, GLM overload failover, and native reasoning-level selection now follow the active model catalog more consistently. In practice, this means fewer unexpected model substitutions during sessions with mixed model configurations. The Zai catalog fix in particular is notable: the base URL was wrong in previous builds, causing silent fallbacks that operators didn't always notice. The fix is transparent — if you weren't hitting problems, nothing changes. If you were, they go away.
Safer session and channel state. Channel switches now properly reset stale origin fields, and cron delivery awareness stays attached to the target session even after channel transitions. This is a subtle fix that matters a lot in complex multi-channel configurations — if your agent hands off between a Telegram bot, a Discord server, and an iMessage handle, the origin metadata following the wrong thread is a silent bug that produces confusing behavior at exactly the worst moment.
Trusted policies survive hook composition. Composed hook registries now keep the trusted tool policies required by approval-sensitive flows. This fix, from contributor @jesse-merhi, closes a real security gap: if you had composed hooks and tool approval policies, there was a code path where composed registries could drop the trust context. That's the kind of bug that doesn't fail loudly — it fails by silently granting or denying access inconsistently.
"Trusted policies survive hook composition: composed hook registries keep the trusted tool policies required by approval-sensitive flows." — OpenClaw 2026.6.10 release notes
2026.6.10 is not a headline release — it is a precision release. Every change is targeted at a specific class of runtime misbehavior: wrong model, wrong session origin, wrong trust context. That pattern is what good platform maintenance looks like. If the project keeps executing at this cadence on correctness work alongside features, the runtime will earn a reputation for predictability that is worth more than any single feature drop. We recommend this pre-release for operators comfortable with beta tracks.
Should You Skip 2026.6.9? ClawStat.us Says Yes
The community upgrade advisory site ClawStat.us — which provides verdicts on whether to upgrade to each OpenClaw version — came out hard on 2026.6.9: "Skip this version." Their analysis notes that while 2026.6.9 delivers compelling features including richer Telegram delivery, stronger Codex integration, standalone provider plugins, and improved agent recovery, the release carries multiple regressions that overshadow those gains.
The site's "medium risk" classification reflects a specific concern: the version shipped with several edge-case failures in cron delivery and session state management that weren't caught before stable promotion. For operators running production workloads on agents that need cron jobs and multi-channel delivery to behave correctly, those aren't edge cases — they're daily operational requirements.
The practical path the community is converging on: stay on 2026.6.8 stable if you're on stable tracks, or jump directly to 2026.6.10 pre-release if you want the improvements. Avoid the 2026.6.9 stable window entirely.
ClawStat.us filling this "should I upgrade" role is actually a healthy ecosystem signal. The OpenClaw project's velocity means releases ship fast, and not all stable promotions have the same quality floor. Having a community tracker that synthesizes upgrade signals — rather than leaving every operator to discover regressions independently — is exactly the kind of tooling a maturing ecosystem needs. We expect clawstat.us to become a standard reference in the operator playbook.
The 2026.6.8 Stable Release: What Actually Shipped
Since a significant slice of the community is staying put on 2026.6.8, it's worth revisiting what that stable release actually delivered — because it was genuinely substantial.
Richer channel delivery across Telegram and WhatsApp. Telegram now renders structured text with tables, lists, expandable blockquotes, preserved line breaks, and CLI-backed replies. WhatsApp honors configured ACP bindings. These aren't cosmetic changes — they're the difference between agents that feel like utilities and agents that feel like products with genuine UX polish.
Safer model routing. The 2026.6.8 release added GLM-5.2 and Claude Haiku 4.5 catalog support with normalized provider IDs, managed SecretRef auth, bounded model browsing, and safer OpenAI/Anthropic tool-schema recovery. The GLM-5.2 addition in particular is significant: it extends OpenClaw's coverage into a model family that has strong traction among users in Asia and among developers building cost-optimized pipelines.
Predictable web search defaults. Key-free providers such as Parallel Free, DuckDuckGo, Ollama, and Codex Hosted Search are now explicit opt-ins rather than surprising automatic fallbacks. This is the right policy choice. An agent that unexpectedly routes searches through a different provider when no API key is configured is an agent that leaks queries in unexpected directions. Opt-in is the correct default.
Resilient memory and state. Oversized OpenAI embedding batches now split before hitting 431 errors, QMD search stays available in transient mode, SQLite avoids WAL on NFS volumes, and full reindexes preserve rollback/cache recovery. The NFS/SQLite fix is especially practical for self-hosters running OpenClaw on shared or NAS-backed storage — WAL mode on NFS is a known source of corruption under concurrent access, and this fix eliminates a silent reliability hazard.
🔒 Security Tip of the Day
Audit Your Cron Jobs for Delivery Context Drift
The session-and-channel state fixes in 2026.6.10 highlight a vulnerability class that many operators overlook: delivery context drift in cron-scheduled agent turns. When a cron job fires, it needs to know where to send its output. If the session state that anchors that delivery context has gone stale — because the original channel switched, or the session was reset, or the target host restarted — the job can silently deliver to the wrong place, or fail to deliver at all.
What to audit:
- Check delivery targets explicitly. For each cron job, verify that the delivery channel (Telegram, Discord, iMessage, etc.) is explicitly declared in the job config rather than inherited from ambient session state. Explicitly declared targets survive session resets. Ambient targets don't.
- Test after gateway restarts. After any gateway restart or update, manually trigger a sample cron job and confirm the output lands where expected. Restarts can clear session state that cron delivery depends on.
- Use sessionTarget="isolated" for detached jobs. Jobs that don't need main session context should run isolated. This prevents them from picking up stale channel context from a previous interactive session.
- Log delivery failures. If a cron job fires and delivery fails silently, you need to know. Configure failure alert channels for jobs that do anything consequential.
Bottom line: cron delivery is a trust boundary. Treat it with the same rigor you'd apply to any outbound communication path from your agent. The 2026.6.10 fix reduces the blast radius of this class of bug, but explicit configuration is always more reliable than implicit state.
⭐ Skill of the Day: self-improving-agent
🔧 self-improving-agent
Author: @pskoett on ClawHub
What it does: Captures learnings, errors, and corrections to enable continuous improvement across sessions. The skill instruments your agent's memory pipeline to record what went wrong, what the correct behavior should have been, and how to avoid the same failure in future runs. It's the closest thing OpenClaw has to a native self-improvement loop — the agent actively builds an error corpus it can reference on subsequent turns.
Why it ranks: It currently sits at the top of ClawHub by install volume at 3.8k installs and 464k usage events — which means a large number of the most active OpenClaw operators are already running it. High-traffic community skills tend to get scrutinized more aggressively when something goes wrong, which is a meaningful (if imperfect) signal for trustworthiness.
What it actually writes: The skill produces structured markdown logs in a designated memory directory. It doesn't execute external commands, doesn't make outbound network calls, and doesn't touch agent configuration. It is, in security terms, a write-only local logging skill. That's a small attack surface.
Safety note: As with any skill, inspect the SKILL.md before installing. The current published version on ClawHub has no outbound network calls and no exec patterns. Verify this hasn't changed since this article was written, especially if you're installing on a production agent with broad tool access.
Install: npx clawhub@latest install pskoett/self-improving-agent
Best use case: Long-running personal agents where you want the system to remember its own correction history — especially useful if you use the same agent across many domains and want it to accumulate domain-specific lessons without you manually maintaining a corrections log.
👥 Community Highlights
The awesome-openclaw-skills Repository Crosses 5,400 Skills
The awesome-openclaw-skills repository — maintained by VoltAgent and filtered from the official OpenClaw Skills Registry — now lists over 5,400 skills across dozens of categories. The jump from a few hundred to over five thousand has happened faster than anyone predicted, and the curation challenge has grown with it.
The repository's filtering approach is worth understanding: it doesn't just mirror ClawHub. It applies an additional curation layer, categorizing skills by domain, checking for basic quality signals, and removing obvious spam or low-quality entries. That means the 5,400 number is already filtered, not raw. The raw ClawHub registry is substantially larger.
What's interesting about the category breakdown: the largest clusters are unsurprisingly productivity (calendar, email, task management), developer tools (GitHub, code review, CLI automation), and communication (messaging, summarization, transcription). But the fastest-growing category right now is bioinformatics — driven partly by the ClawBio project, which has built 88 OpenClaw skills specifically for genomics analysis, pharmacogenomics, and ancestry profiling.
The ClawBio case is a preview of where skills are going: not just productivity helpers, but domain-specific scientific computing extensions. An AI agent with 29 production-ready bioinformatics skills is a fundamentally different tool than an AI agent with a calendar skill. The skill ecosystem is starting to unlock vertical market use cases that the core platform alone couldn't address.
The Operator Community Is Splitting on Version Policy
A visible community tension has emerged around version management: operators who run OpenClaw in production roles are increasingly frustrated by the high velocity of the release train, while enthusiast users enjoy the pace. This isn't new, but it's becoming more structured.
Several operators have started coordinating on a community-maintained "verified stable" list — separate from the official stable tag — that tracks versions that have survived at least two weeks of production deployment across a sample of real installations without regressions. The idea is to give conservative operators a lagging but battle-tested upgrade target rather than the immediately-promoted official stable.
This is exactly the kind of ecosystem self-organization that healthy open-source projects develop when the project's own release pace outstrips what operators need. The OpenClaw team has signaled awareness of this dynamic — the LTS track mentioned in earlier communications would address it formally if it ships.
An LTS track would be one of the most important things OpenClaw ships this year, and not because the current release velocity is bad. It's because the absence of an explicit LTS commitment forces every operator to independently implement something like a conservative upgrade policy — which is wasteful, inconsistent, and produces fragmentation. A formal LTS would let the enthusiast track stay fast while giving production operators a stable substrate to build confidence on. We hope it ships before the summer is out.
🌐 Ecosystem News
Prosus Builds an EU-Compliant OpenClaw Fork — Starting This Week
In the most significant OpenClaw-adjacent news of the day, Prosus NV — the Dutch internet investment giant — has developed its own version of OpenClaw specifically engineered to address European data privacy concerns, and is beginning its rollout this week according to a Bloomberg report. The fork focuses on keeping agent data processing within EU jurisdiction and avoiding the transatlantic data flows that have created compliance complexity for European enterprises adopting the original OpenClaw runtime.
This is a notable strategic moment. OpenClaw has become important enough that a major European conglomerate decided building a compliant fork was more practical than either waiting for upstream privacy features or abandoning the platform entirely. That is, in a roundabout way, an endorsement of the core product's value proposition.
What it signals for the broader market: EU privacy requirements are a real adoption barrier for personal AI agents, and organizations are actively investing to solve it. The Prosus fork is one approach — build your own. Another is the NemoClaw approach from NVIDIA: build a compliant security layer on top. OpenClaw itself could address this with configurable data residency features, but that engineering work hasn't been announced publicly.
The Prosus fork is a double-edged signal. On the positive side, it confirms OpenClaw's design is compelling enough that organizations are willing to maintain a derivative rather than adopt alternatives. On the cautionary side, it means EU-based deployments may start diverging from the upstream feature set, which creates interoperability and skill-compatibility headaches down the road. OpenClaw's best response is probably to accelerate its own data residency configuration story so that compliance doesn't require a fork.
Nous Research's Hermes Is Gaining Ground on OpenClaw
The Information reports that Hermes, an agent tool from Nous Research, has recently eclipsed OpenClaw by some metrics. The piece is paywalled, but the headline is substantive: for the first time since OpenClaw went viral, a credible open-source competitor has closed the gap on at least one meaningful dimension.
We don't have full access to the specific metrics The Information cites. But Nous Research is a credible organization — they've been doing serious work on open model development and agent infrastructure for years. If Hermes is competitive, it's worth paying attention to rather than dismissing.
The competitive implications for OpenClaw are real but not alarming. OpenClaw's moat is its ecosystem — ClawHub, the skills registry, the community of contributors, the platform integrations with iMessage/Telegram/Discord/WhatsApp, and the macOS/iOS/Windows client surface. A competitor can match the runtime and the model routing. Matching 5,400 community skills, a production-grade skills registry with provenance tracking, and platform-native approvals takes years.
Competition also tends to sharpen a project's priorities. If Hermes is gaining on OpenClaw in agent reliability or model support, the OpenClaw team has a clear signal about what to optimize. That's healthy for the ecosystem overall.
The reco.ai Security Crisis Report Is Worth Reading
A detailed post from reco.ai titled "The AI Agent Security Crisis Unfolding Right Now" specifically covers OpenClaw and outlines a pattern of security incidents that emerged rapidly after the platform's viral growth — ranging from traditional vulnerabilities to exposed management interfaces to more exotic agent-specific attack vectors. The report cites "a growing number of security incidents that escalated in both scope and severity" within just two weeks of OpenClaw going viral.
We won't cite specifics from the report here since we haven't verified every claim independently. But the existence of the report — from a security vendor that tracks AI platform risk — is itself meaningful. It means OpenClaw is now important enough to be included in enterprise threat intelligence products. That's a platform maturity milestone, even if it comes with uncomfortable disclosures.
The pattern the report describes — fast viral growth leading to a wave of poorly-configured public deployments — is consistent with what the OpenClaw community itself has been discussing for months. Running an OpenClaw gateway exposed to the internet without auth is still surprisingly common. Every security-hardening release helps, but the weakest link in the chain is always operator configuration, not core code.
The reco.ai report is a useful reminder that OpenClaw security is a shared responsibility model. The platform can harden defaults, add guardrails, and patch vulnerabilities — and it does, consistently. But no platform can protect against an operator who exposes their gateway to the public internet with default credentials. If you're running a self-hosted instance, audit your exposure surface today. If you haven't enabled gateway auth, that's your first step.
OpenClaw in the Broader Agent Landscape: June 2026 Snapshot
Stepping back for the weekly snapshot view: the agent framework landscape is professionalizing on multiple fronts simultaneously. At VivaTech 2026, Taiwan-based MaiAgent told enterprises to stop building RAG and agent systems from scratch. OpenAI shipped new usage analytics and spend controls for enterprise deployments. Microsoft's Agent Framework 1.0 has been out for weeks and is already being cited in enterprise procurement discussions. And Nokia is layering an agentic AI framework with an AI troubleshooting agent onto its Network Services Platform.
What these signals share is a direction: from "AI agents as experiments" to "AI agents as infrastructure." OpenClaw has been running ahead of this curve since day one — its gateway model, memory system, cron scheduler, and approval flows were all designed for production operation, not just demos. As the enterprise world catches up to the idea that agents need policy, memory, and governed tool access, OpenClaw's design decisions look increasingly prescient.
The challenge for OpenClaw is converting that architectural advantage into institutional adoption. Prosus building a fork, rather than just deploying OpenClaw, suggests the path there still has meaningful friction for large organizations with compliance requirements. That's the next engineering and go-to-market problem to solve.
Need help with OpenClaw deployment?
SEN-X provides enterprise OpenClaw consulting — architecture, security hardening, custom skill development, and ongoing support.
Contact SEN-X →