OpenClaw released v2026.6.6: Security Approval Timeout Default Denial, Support for Adaptive Thinking

According to Perceive Beating monitoring, the open-source AI agent framework OpenClaw has released a major update to version v2026.6.6, tightening its security sandbox boundaries and integrating new features from multiple cutting-edge large models.

Addressing the recent surge in AI agent privilege escalation and permission bypass vulnerabilities, the new version has made significant security reinforcement at the boundary, covering various dimensions such as transcripts isolation, sandbox binding restrictions, host environment variable inheritance, MCP stdio channel, and Codex HTTP access. In terms of approval mechanisms, execution approvals now introduce a strict "fail closed on timeout" hard limit. To prevent sensitive information leakage, the new version has also truncated the boundary of user-visible content, prohibited Codex/Harmony protocol pseudo-shadow transmission, blocked media directives in browsers and LanceDB memory, and obfuscated or redacted sensitive images in transcript history.

Regarding large model and channel adaptation, OpenClaw has achieved a deep integration of Claude Fable 5's adaptive thinking. The new version has added an OpenRouter OAuth binding process, supporting direct bypass of guardian review for on-device models and retaining reasoning replay of Gemma 4 inference content. In command-line progress feedback, the system has introduced Claude CLI's annotation progress events, seamlessly aligning tool interactivity progress with channel progress without exposing the underlying protocol architecture. For channel delivery, the new version has optimized iMessage's inbound restart diagnostics and idle approval detection, ensuring that private message text within Telegram's restricted scope is not cached or introduced into prompt word contexts.