OpenClaw v2026.3.22 brings 48-hour agent sessions, security fixes, and a final MoltBot cleanup

ByIvan Jenic

OpenClaw’s biggest release in months ships 48-hour agent sessions, a full MoltBot rebrand cleanup, and more security fixes than most projects see in a year.

moltbook logo

OpenClaw shipped version 2026.3.22 today, and it is a big one. The release covers everything from a long-overdue agent timeout increase to a wave of security patches, with breaking changes scattered across plugins, browser tooling, and environment configuration.

The most quietly impactful change is the default agent timeout jumping from 10 minutes to 48 hours. Long-running sessions were silently dying at the 600-second mark regardless of what they were doing. That is now fixed by default, with no config changes required.

The breaking changes are worth checking before you update:

  • Plugin installs: ClawHub now takes priority over npm when you run openclaw plugins install. npm still works as a fallback.
  • Browser tooling: The legacy Chrome extension relay path is fully removed. Run openclaw doctor --fix to migrate.
  • Environment variables: CLAWDBOT_* and MOLTBOT_* env names are gone for good. Switch to OPENCLAW_* equivalents.

The security section is extensive. Reported fixes include a Windows flaw that could allow remote file:// URLs to trigger outbound SMB credential handshakes, invisible Unicode padding that could hide text in exec approval prompts, and several gaps in device pairing and webhook authentication. A handful of these were researcher-reported.

On the feature side, MiniMax M2.7 is now the default model, replacing M2.5. Claude via Google Vertex AI is now natively supported. Exa, Tavily, and Firecrawl are bundled as first-party web search plugins. Android gets SMS search, call log search, and a system-aware dark theme.

  • Startup times: Multiple lazy-load fixes bring cold-start times down significantly, with WhatsApp-class gateway boots dropping from tens of seconds back to seconds.
  • Legacy cleanup: The last remnants of MoltBot naming are gone, completing the project’s rebrand to OpenClaw across runtime, installers, and state directories.

The Bottom Line: OpenClaw has had a visible security problem for a while, and the developer appears to be taking it seriously. This release patches more vulnerabilities than most projects address in several months, which is encouraging progress, but also a reminder of how much ground there was to cover.

Check out the full changelog on GitHub.

RunPod
RunPod

If you need on-demand GPUs for training, fine-tuning, inference, or running open-source models, give RunPod a try.

  • Available hardware: H100, H200, A100, L40S, RTX 4090, RTX 5090, and 30+ more
  • Cost: significantly cheaper than AWS or GCP, billed per second, no contracts
  • Setup: spins up in under a minute, 30+ regions worldwide
Try RunPod →
Affiliate disclosure: We may earn a commission if you sign up via our link, at no extra cost to you.
Efficienist Newsletter

Get the core business tech news delivered straight to your inbox. We track AI, automation, SaaS, and cybersecurity so you don't have to.

Just read what you want, and be done with it.

Read Next