OpenClaw Hardens Agent Security and Upgrades OpenAI Image Generation Defaults

gpt-image-2 as the default image-generation provider and adds 2K and 4K size hints. It also introduces a repair function for bundled plugin dependencies within the doctor utility.

This release follows a series of major architectural shifts, including the Dreaming memory system and Active Memory sub-agents. As users move to production, hardening the platform becomes critical. The new security logic ensures that owner-only commands cannot be bypassed through permissive fallbacks, addressing a key vulnerability in multi-user environments.
Upgrade your instance via GitHub to access these stability improvements and updated Slack thread preservation logic. The doctor tool now allows for targeted repairs of bundled plugin runtimes without requiring a full core re-installation. This version is available as a free, open-source update for all self-hosted operators.
Frequently asked questions
- What is OpenClaw?
- OpenClaw is an open-source, self-hosted AI assistant designed to run on your own hardware while connecting to various messaging platforms like Slack, Discord, and iMessage. It uses a plugin-based architecture to give AI models specific skills, such as managing emails or home automation, while ensuring the user maintains full control over their data and rules.
- What changed in the OpenClaw 2026.4.21 update?
- This update introduces OpenAI Image 2 as the default image generation provider and adds support for 2K and 4K size hints in documentation. It also hardens security by strictly enforcing owner-only commands and improves system reliability through a new repair feature for bundled plugin dependencies and better preservation of Slack thread aliases during outbound messaging.
- How does the new security enforcement work in OpenClaw?
- The update fixes a vulnerability where non-owner users could potentially access sensitive commands if certain settings were left blank. OpenClaw now strictly requires a verified owner identity or internal administrator status for any owner-enforced commands. This prevents unauthorized users from reaching restricted tools through permissive fallback settings when the owner-allow list is not explicitly configured.
- What is the OpenClaw doctor utility?
- The doctor utility is a built-in diagnostic tool that can now repair bundled plugin runtime dependencies directly from their specific paths. This allows self-hosted operators to recover missing channel or provider dependencies for packaged installs without needing to perform a broad re-installation of the core system dependencies, making maintenance of production instances significantly more efficient.
- Is OpenClaw open source and how can I get the update?
- Yes, OpenClaw is a public open-source project available on GitHub. You can access the 2026.4.21 update by downloading the latest release from the official repository. The update is available as a source code zip or tarball, allowing self-hosted users to upgrade their existing instances to benefit from the latest security patches and image generation improvements.
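
The owner-only enforcement described in the FAQ above, as an added TypeScript sketch that is not OpenClaw's own code: it contrasts a check that allows everyone when the owner allow list is blank with one that fails closed. The `Sender` and `CommandPolicy` types, their field names and the sample IDs are assumptions made for illustration.

```typescript
// Hypothetical types and names; an illustration, not OpenClaw's implementation.
interface Sender {
  id: string;
  verified: boolean;      // assumed: identity confirmed by the messaging channel
  internalAdmin: boolean; // assumed: internal administrator status
}

interface CommandPolicy {
  ownerOnly: boolean;
  ownerAllowList?: string[]; // operators may leave this unset or empty
}

// Fail-open: a blank allow list is treated as "no restriction", so any
// sender reaches owner-only commands on an unconfigured instance.
function isAllowedPermissive(sender: Sender, policy: CommandPolicy): boolean {
  if (!policy.ownerOnly) return true;
  const owners = policy.ownerAllowList ?? [];
  if (owners.length === 0) return true; // permissive fallback
  return owners.includes(sender.id);
}

// Fail-closed: owner-only commands need a verified owner identity or
// internal administrator status; a blank allow list grants nothing.
function isAllowedStrict(sender: Sender, policy: CommandPolicy): boolean {
  if (!policy.ownerOnly) return true;
  if (sender.internalAdmin) return true;
  const owners = policy.ownerAllowList ?? [];
  return sender.verified && owners.includes(sender.id);
}

// Constructed sample senders and policies.
const guest: Sender = { id: "U-guest", verified: true, internalAdmin: false };
const owner: Sender = { id: "U-owner", verified: true, internalAdmin: false };
const spoofed: Sender = { id: "U-owner", verified: false, internalAdmin: false };
const admin: Sender = { id: "internal", verified: false, internalAdmin: true };
const blankPolicy: CommandPolicy = { ownerOnly: true };
const listedPolicy: CommandPolicy = { ownerOnly: true, ownerAllowList: ["U-owner"] };

// Returns both decisions side by side so a config audit can flag divergence.
function compare(sender: Sender, policy: CommandPolicy): { permissive: boolean; strict: boolean } {
  return {
    permissive: isAllowedPermissive(sender, policy),
    strict: isAllowedStrict(sender, policy),
  };
}
```

Any sender and policy pair for which `compare` returns different values marks a path that only the permissive fallback would have opened.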


