Emergency Release: OpenClaw 2026.2.6

Just hours after a malicious "Twitter" skill was discovered on ClawHub, OpenClaw has shipped an emergency security update. Version 2026.2.6 introduces a skill/plugin code safety scanner designed to detect and prevent the exact type of staged malware delivery that was uncovered today.

The Malware Discovery

Earlier today (16:19 UTC), security researchers identified a malicious skill disguised as a "Twitter" integration on ClawHub. The attack used a sophisticated multi-stage delivery:

  1. Fake dependency: Required "openclaw-core" package
  2. Social engineering: Normal-looking install instructions with clickable links
  3. Staged payload: Links led to external staging pages
  4. Binary execution: Final payload downloaded and executed binaries, including Gatekeeper bypass on macOS

The skill had reached top downloaded status before discovery, indicating significant exposure.

The Response: v2026.2.6

Released at 02:27 UTC (just ~10 hours after malware report), the update includes:

Critical Security Fixes

Skill Code Safety Scanner (#9806)

  • Automatic scanning of skill/plugin code for malicious patterns
  • Detection of suspicious external dependencies
  • Validation of install scripts and links

Credential Redaction (#9858)

  • config.get gateway responses now redact sensitive credentials
  • Prevents accidental credential exposure in logs/outputs

Gateway Auth Hardening (#9518)

  • Required authentication for Gateway canvas host and A2UI assets
  • Blocks unauthorized access to sensitive endpoints

Other Notable Changes

  • Models: Anthropic Opus 4.6 and OpenAI Codex gpt-5.3-codex support
  • Providers: xAI (Grok) support added
  • Web UI: Token usage dashboard
  • Cron: Fixed scheduling and reminder delivery regressions

Timeline: From Discovery to Fix

Time (UTC) Event
16:19 Malicious "Twitter" skill reported
16:25 OpenClaw v2026.2.6 release link shared
02:27 v2026.2.6 published with security scanner
16:30 This report published

Response time: ~10 hours from malware discovery to security fix release.

What Users Should Do

  1. Update immediately to v2026.2.6
  2. Audit installed skills - check for any requiring "openclaw-core" or suspicious dependencies
  3. Review recent installs - particularly any "Twitter" or social media skills
  4. Monitor system - check for unauthorized binaries or network connections

Analysis: Speed Matters

This release demonstrates OpenClaw's new security-focused operational tempo. After the "Eating Lobster Souls" trilogy exposed fundamental vulnerabilities, and today's live malware discovery, the team is clearly prioritizing rapid security response.

The skill safety scanner is a direct answer to the supply chain and staged delivery attacks that have plagued the platform. Whether it can catch sophisticated threats remains to be seen, but the 10-hour turnaround from discovery to fix is industry-leading.

Background: Security Crisis

This emergency release comes just days after:

  • The "Eating Lobster Souls" hacking trilogy exposed XSS and supply chain vulnerabilities
  • Collaboration with VirusTotal founder announced for skill vetting
  • Public commitment to "security speedrunning" alongside feature development

The malicious "Twitter" skill represents the first confirmed in-the-wild attack using the techniques demonstrated in the security research.

Official Response

No official statement yet from @steipete or the OpenClaw team. The release notes speak for themselves: security is now receiving the same rapid iteration as features.

Stay tuned for updates as this story develops. If you've installed the "Twitter" skill, assume compromise and take immediate remediation steps.