OpenClaw v2026.5.20 Refactors Execution Authorization and Enhances Discord Voice

According to Perceive Beating monitoring, the open-source end-to-end programming AI agent OpenClaw has released version v2026.5.20, which has refactored the underlying execution authorization mechanism and deeply integrated Discord real-time voice and policy control.

The new version has completely removed the old version's execution allow list based on the cat command combination. After the security mechanism upgrade, users must use a dedicated read tool to load Skill files, and the system will only automatically allow validated Skill execution files, thereby blocking security vulnerabilities related to non-standard script calls.

Discord real-time voice chat has added a user dynamic tracking feature. The AI can intelligently follow a designated user across voice channels, support seamless switching between multiple users, and retain the DAVE recovery mechanism. By default, the system injects profiles and role contexts carried in files such as IDENTITY.md, USER.md, and SOUL.md into the real-time voice chat, enhancing the realism of voice interactions. Users can also directly disable this feature by using the voice.realtime.bootstrapContextFiles parameter.

In terms of runtime control and management, the new version has built-in Policy policy plugins in the command line, supporting channel consistency checks and workspace repairs. The new version has added a device code login method for the xAI interface, allowing users to complete authorization through OAuth without a local browser callback.

The experimental.localModelLean toggle for local models now supports individual activation for a single Agent, eliminating the need for global enforcement. The OpenRouter interface now fully follows provider-level params routing policies and allows for overrides using model and agent parameters.

In the underlying dependencies, the bundled Codex suite has been upgraded to version 0.132.0, addressing anomalies such as task scheduling occupying the main session channel and Codex encrypted response loss.