OpenClaw v2026.3.22 dropped last week and it is the most substantial release since the platform renamed from Clawdbot. The headline change — ClawHub replacing npm as the default skill registry — affects every user, but there is a lot more in this update worth understanding. Here is a full breakdown.
ClawHub Is Now the Default Registry
Previously, when you ran openclaw plugins install <package>, it went straight to npm. From v2026.3.22 onwards, the CLI checks ClawHub first and only falls back to npm if the package is not found there. This makes ClawHub the canonical first-stop for skills, which is a significant structural shift — it means the 13,700+ skills in the ClawHub registry are now effectively the default library rather than a parallel option.
The update also adds native openclaw skills search|install|update flows directly in the CLI, so you no longer need to switch between the CLI and the ClawHub web interface to find and install skills. Search is embedding-based (vector search via OpenAI text-embedding-3-small), which makes it meaningfully better than keyword search for finding skills by what they do rather than what they are called.
Security scanning is also tighter: ClawNet by Silverfort now automatically scans SKILL.md files and supporting scripts before installation, not just after the fact. Given the ClawHavoc incident earlier this year, this is a welcome change.
Sub-Agent Improvements: Multi-Model and Adjustable Thinking
This is the update that multi-agent workflow users have been waiting for. You can now assign different AI models to different sub-agents, and set thinking levels (low, medium, high) independently per sub-agent.
In practice, this means you can run an expensive orchestrator model for high-level planning while routing worker sub-agents to cheaper models for execution tasks. The update adds GPT-5.4-mini and GPT-5.4-nano as explicit cost-optimization options for this pattern. For complex multi-agent pipelines where you were previously paying full model costs across every agent, this can make a material difference to running costs.
Anthropic models are also now available via Google Cloud Vertex AI, adding another fallback and cost-optimization route for Claude-based workflows.
/btw: Side Conversations Without Context Pollution
One of the smaller but immediately useful additions: the /btw command opens a side conversation for quick questions without storing anything into your primary context or consuming tokens from your main session.
The use case is simple: you are mid-task and want to ask the agent something unrelated — a quick calculation, a lookup, a clarification — without that exchange becoming part of your primary context window and affecting subsequent responses. /btw handles that cleanly. It sounds minor but it resolves a genuine UX friction that long-session users will recognize immediately.
Session Management: Automatic Cleanup
Session bloat has been a persistent problem for anyone running OpenClaw with recurring cron jobs. Each cron run generates a session record, and over time those accumulate, consuming tokens and degrading performance. v2026.3.22 addresses this with a new cron.sessionRetention setting (default: 24 hours) that automatically cleans up old session records on a schedule.
The update also adds exponential retry backoff for failing recurring cron jobs — starting at 30 seconds and scaling up to 60 minutes — so a temporarily failing job does not spam retries and compound the session bloat problem.
New Web Search Providers
The update adds four new web search providers: Chutes, Exa, Tavily, and Firecrawl. These join the existing options and can be configured as primary or fallback search sources. Exa and Tavily in particular are well-regarded for AI-optimized search — structured results with source citations — and having them available as native search providers rather than requiring a separate skill install simplifies setup for research-heavy workflows.
Security: 30+ Patches
The release includes over 30 security hardening patches. The most notable is a fix for a Windows SMB credential leak that could expose credentials through crafted file paths — high severity and worth updating for immediately if you are on Windows. The Plugin SDK also got an overhaul with standardized security boundaries and a pluggable sandbox backend system.
Gateway cold starts were also reduced from minutes to seconds as part of infrastructure improvements — less a security change than a general quality-of-life win for anyone who has waited through slow gateway initialization.
How to Update
npm update -g openclawIf you are on Windows and running any version prior to v2026.3.22, the SMB credential leak patch alone makes this a mandatory update. For everyone else, the ClawHub-as-default change and the sub-agent multi-model support are the two features most likely to change how you use the platform day to day.
Leave a Reply