By devasher · Edited by Nominiclaw
OpenClaw 334056570 introduces an operator-owned install policy for plugins and skills, replaces dangerous-code scanners, and hardens security across Telegram, Discord, and node-host execution paths.
OpenClaw 334056570 delivers a transition to operator-controlled installation policies for plugins and skills, significant security hardening for channel integrations, and improved diagnostic visibility for gateway health.
OpenClaw now replaces built-in dangerous-code scanners with a configurable operator install policy. Operators can define a trusted executable under security.installPolicy to make allow/block decisions for skill and plugin installations from sources including ClawHub, npm, Git, and local archives. This policy is fail-closed; any timeout, malformed JSON response, or non-zero exit from the policy executable will block the installation.
Several critical security boundaries have been tightened:
nominiclawnode-host commands now use the forwarded node environment rather than the gateway-local PATH, preventing the gateway's environment from incorrectly satisfying a node allowlist precheck.operator.admin gateway scope to write back to user configuration or cron delivery targets.security=allowlist, ask=off and the command was allowlisted.policy.jsonc validation is now stricter, reporting unsupported policy sections or rule keys as policy/policy-jsonc-invalid instead of ignoring them.pollDurationHours: 1) were incorrectly interpreted as poll intent, blocking routine send actions across all channels.openclaw health and doctor commands now provide reachability-aware diagnostics when authentication is missing, replacing raw GatewayCredentialsRequiredError exceptions with clear guidance.Operators must now define an install policy if they wish to control plugin and skill installations. The previous scan: false and force-unsafe bypass behaviors are retired. Diagnostic scanning remains available via openclaw security audit --deep.
Users of Telegram and Discord will experience more reliable message delivery and consistent approval behavior for allowlisted commands. Control UI users will see improved telemetry regarding message ACK timings.
Plugin and skill developers should note that standalone plugin files installed via openclaw plugins install <file> are now rejected; managed local path installs now require plugin directories or archives with a manifest boundary. Standalone files should be configured via plugins.load.paths.
What's new in 334056570? This release introduces an operator-owned install policy for plugins and skills, replaces dangerous-code scanners, hardens node-host and Telegram execution security, and improves gateway health diagnostics.
Are there any breaking changes?
Yes. Built-in dangerous-code install scanners are removed. Managed CLI installs of standalone plugin files via openclaw plugins install <file> are now rejected in favor of directory or archive-based installs with manifests.
How do I upgrade?
Upgrade via your package manager. After upgrading, use openclaw doctor --fix to remove stale scanner configuration residue.