What changed in OpenClaw v2026.5.12?

Major architectural change: WhatsApp, Slack, Amazon Bedrock, Anthropic Vertex, and OpenShell sandbox are now optional plugins instead of bundled in core, making installs smaller and updates less fragile.

Does OpenClaw v2026.5.12 fix the rough week bugs?

Yes, 2026.5.12 is the culmination of stability work after the rough week. It addresses plugin dependency bloat, adds isolated Telegram polling, and includes comprehensive security hardening.

What is the pnpm 11 upgrade in OpenClaw?

OpenClaw v2026.5.12 upgrades to pnpm 11, with fixes for WhatsApp Baileys libsignal git subdependency and stronger peer-dependency preservation during plugin installs.

How many commits in OpenClaw v2026.5.12?

1,957 commits since the last stable release, making it one of the largest single-version changelogs in OpenClaw history.

Is Telegram more reliable in OpenClaw v2026.5.12?

Yes, Telegram polling now runs in an isolated worker with a durable local spool, preventing message loss during event loop stalls. Stall detection was rebuilt to only detect getUpdates liveness.

← Back to dashboard

clawsmith.com/signal/openclaw-v2026-5-12-externalize-plugins-pnpm-11

📈 TrendsWide OpenLive

OpenClaw v2026.5.12: Externalizes WhatsApp, Slack, Bedrock Plugins and Ships pnpm 11

Released May 14, 2026 with 1,957 commits since last stable. Architectural shift: WhatsApp, Slack, Amazon Bedrock, Anthropic Vertex, and OpenShell sandbox now install only when actually used, making fresh installs smaller and updates less fragile. Telegram reliability rebuilt with isolated polling worker and durable local spool. Comprehensive security hardening across Gateway, browser control, sandbox, and transcript systems. Session and UI history become first-class audit surfaces.

Product Idea from this Signal

A CLI tool that audits OpenClaw plugin dependency trees, flags transitive security risks, and recommends a minimal install profile based on actual usage

445.0k ▲

OpenClaw v2026.5.12 externalized WhatsApp, Slack, Bedrock, Vertex, and OpenShell into optional plugins. Fresh installs are smaller, but admins now manage their own plugin stacks with no visibility into what each plugin pulls in transitively. The npm supply chain attacks that triggered the rough week came through transitive packages and postinstall scripts. This tool scans the dependency tree of every installed OpenClaw plugin, flags known CVEs and suspicious install-time behavior in transitive deps, and recommends which plugins to remove based on actual usage telemetry from the gateway logs.

CLIOPEN-SOURCESECURITYDEVTOOLNPM

CompetitiveView Opportunity →