OpenClaw: Security Hardening and Performance Improvements

Transcript

Good morning, I'm your host with the OpenClaw developer briefing for May 21st, 2026.

The team merged 20 pull requests yesterday, with notable security and performance improvements leading the activity.

NianJiuZst merged a memory core fix that stops recall tracking when dreaming is disabled, addressing issue #84436. The change preserves normal search results while preventing unnecessary artifacts when the dreaming feature is turned off.

On the security front, mcaxtr hardened WhatsApp credential handling by rejecting symlinked credential files. This closes a potential trust boundary issue where symlinks could make malicious credential paths appear valid. Meanwhile, ffluk3 fixed Slack integration to suppress reasoning payloads in non-streaming delivery paths, preventing model thinking content from appearing as visible messages.

Performance saw significant attention with Frank Yang's CLI optimizations. Two merged PRs now cache stable subcommand help and lazy-load action modules, reducing memory usage for help commands from 320MB down to precomputed fast paths. The changes affect doctor, gateway, models, plugins, secrets, and nodes help commands.

IWhatsskill preserved Ollama tool call IDs through the processing pipeline, fixing an issue where native tool call identifiers were being replaced with generic values. The fix maintains compatibility with Gemini over native Ollama while preserving the original identifiers.

Additional security work included lukaIvanic adding doctor warnings for plaintext secrets in config files, pointing users toward the secrets management tooling. Vincent Koc added Linux doctor probes for Codex namespace denials, helping diagnose sandbox configuration issues.

What's next: The focus on CLI performance suggests continued optimization work ahead. Security hardening appears to be an ongoing priority across multiple communication channels.

That's your OpenClaw briefing. Stay secure, stay fast.