OpenClaw v2026.2.23 lands with new provider integrations, performance optimizations, and a batch of security fixes contributed by 43 developers.
Kilo Gateway Provider
First-class support for the Kilo Gateway provider arrives with authentication, onboarding flow, and kilocode/anthropic/claude-opus-4.6 as the default model. Vercel AI Gateway also gains Claude shorthand model references, simplifying configuration for Vercel-hosted deployments.
Moonshot / Kimi Integration
Two new capabilities for Moonshot (Kimi): a web search provider with corrected two-step tool flow and citation extraction, and a native video provider with auto-detection. This deepens OpenClaw's reach into the Chinese AI ecosystem alongside existing Volcano Engine and BytePlus support.
Performance Improvements
- Session bootstrap caching — Cache bootstrap snapshots per session to reduce prompt-cache invalidations, improving response times for returning users.
- Per-agent parameter overrides — Support for agent-specific params including cacheRetention tuning.
- Session maintenance CLI — New openclaw sessions cleanup with disk-budget controls for self-hosted users.
Security Fixes
- Redacted sensitive config keys in config.get snapshots to prevent credential leakage.
- Hardened ACP client permissions requiring trusted tool IDs.
- Escaped user-controlled values in openai-image-gen to prevent stored XSS.
- Hardened skill-creator packaging against symlink attacks.
- Added pre-commit security hooks for private-key detection.
Bug Fixes
Notable fixes include WhatsApp group policy filtering with allowlist mode, Telegram reaction handling, suppressed reasoning text leakage in legacy sessions, and improved HTTP 502/503/504 failover handling across providers.
OpenClaw Launch instances will receive this update automatically.