Medium severity4.3NVD Advisory· Published May 29, 2026· Updated May 29, 2026
CVE-2026-32906
CVE-2026-32906
Description
OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin actions outside operator configuration.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OpenClaw <2026.5.12 has a privilege escalation in Slack plugin approvals where exec-authorized users can bypass approval splits via the exec approver gate.
Vulnerability
In OpenClaw versions before 2026.5.12, the Slack plugin approvals feature used the exec approver gate for plugin actions. This allows a Slack user who is authorized only for exec approvals to resolve a plugin approval through that gate, bypassing the intended approval splits. The issue exists in the Slack integration approval flow. Affected versions: OpenClaw < 2026.5.12 [1][2].
Exploitation
An attacker with limited exec approval permissions (i.e., authorized to approve exec actions in Slack) can trigger the vulnerability. The attacker sends a plugin action approval request that is routed to the exec approver gate instead of a special plugin approval gate. This allows the attacker to approve the plugin action without proper authorization. No additional privileges or user interaction is needed beyond having exec approval scope [1].
Impact
The impact is a privilege escalation: the attacker can approve plugin actions that are outside the intended operator configuration. This could allow unauthorized plugin executions, potentially leading to arbitrary command execution or data access depending on the plugin. Practical impact varies based on operator configuration and whether lower-trust input can reach that path [1].
Mitigation
The vulnerability is fixed in OpenClaw version 2026.5.12 [1]. If upgrading is not possible, operators should keep approval allowlists aligned, manually review Slack approval actions, disable the affected feature when not needed, and ensure channel and tool allowlists are narrow [1].
References
AI Insight generated on May 29, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
1f066dd2f31c2chore(release): prepare 2026.5.12
124 files changed · +214 −214
CHANGELOG.md+1 −1 modified@@ -2,7 +2,7 @@ Docs: https://docs.openclaw.ai -## Unreleased +## 2026.5.12 ### Changes
extensions/acpx/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/acpx", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw ACP runtime backend", "repository": { "type": "git", @@ -26,10 +26,10 @@ "minHostVersion": ">=2026.4.25" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8", + "openclawVersion": "2026.5.12", "staticAssets": [ { "source": "./src/runtime-internals/mcp-proxy.mjs",
extensions/alibaba/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/alibaba-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Alibaba Model Studio video provider plugin", "type": "module",
extensions/amazon-bedrock-mantle/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/amazon-bedrock-mantle-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Amazon Bedrock Mantle (OpenAI-compatible) provider plugin", "repository": { "type": "git", @@ -25,10 +25,10 @@ "minHostVersion": ">=2026.5.12-beta.6" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8", + "openclawVersion": "2026.5.12", "bundledDist": false }, "release": {
extensions/amazon-bedrock/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/amazon-bedrock-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Amazon Bedrock provider plugin", "repository": { "type": "git", @@ -27,10 +27,10 @@ "minHostVersion": ">=2026.5.12-beta.6" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8", + "openclawVersion": "2026.5.12", "bundledDist": false }, "release": {
extensions/anthropic/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/anthropic-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Anthropic provider plugin", "type": "module",
extensions/anthropic-vertex/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/anthropic-vertex-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Anthropic Vertex provider plugin", "repository": { "type": "git", @@ -25,10 +25,10 @@ "minHostVersion": ">=2026.5.12-beta.6" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8", + "openclawVersion": "2026.5.12", "bundledDist": false }, "release": {
extensions/arcee/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/arcee-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Arcee provider plugin", "type": "module",
extensions/azure-speech/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/azure-speech", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Azure Speech plugin", "type": "module",
extensions/bonjour/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/bonjour", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Bonjour/mDNS gateway discovery", "type": "module", "dependencies": {
extensions/brave/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/brave-plugin", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Brave plugin", "repository": { "type": "git", @@ -20,10 +20,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/browser/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/browser-plugin", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw browser tool plugin", "type": "module",
extensions/byteplus/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/byteplus-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw BytePlus provider plugin", "type": "module",
extensions/canvas/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/canvas-plugin", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Canvas plugin", "type": "module",
extensions/canvas/src/host/a2ui/.bundle.hash+1 −1 modified@@ -1 +1 @@ -2041ea91d5bbadd4fca2a4c9473c5647ae5fcdedaf57bd91ccbcf8ac285cb360 +086ca3619ef4f0a84e08eb1ff5123e8647ea9f250ae5d85b84b296e6be7f8fb7
extensions/cerebras/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/cerebras-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Cerebras provider plugin", "type": "module",
extensions/chutes/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/chutes-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Chutes.ai provider plugin", "type": "module",
extensions/clickclack/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/clickclack", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw ClickClack channel plugin", "type": "module", @@ -18,7 +18,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": {
extensions/cloudflare-ai-gateway/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/cloudflare-ai-gateway-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Cloudflare AI Gateway provider plugin", "type": "module",
extensions/codex/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/codex", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Codex harness and model provider plugin", "repository": { "type": "git", @@ -27,10 +27,10 @@ "minHostVersion": ">=2026.5.1-beta.1" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/comfy/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/comfy-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw ComfyUI provider plugin", "type": "module",
extensions/copilot-proxy/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/copilot-proxy", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Copilot Proxy provider plugin", "type": "module",
extensions/deepgram/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/deepgram-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Deepgram media-understanding provider", "type": "module",
extensions/deepinfra/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/deepinfra-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw DeepInfra provider plugin", "type": "module",
extensions/deepseek/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/deepseek-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw DeepSeek provider plugin", "type": "module",
extensions/diagnostics-otel/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/diagnostics-otel", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw diagnostics OpenTelemetry exporter", "repository": { "type": "git", @@ -34,10 +34,10 @@ "minHostVersion": ">=2026.4.25" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/diagnostics-prometheus/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/diagnostics-prometheus", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw diagnostics Prometheus exporter", "repository": { "type": "git", @@ -21,10 +21,10 @@ "minHostVersion": ">=2026.4.25" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/diffs/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/diffs", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw diff viewer plugin", "repository": { "type": "git", @@ -31,10 +31,10 @@ "minHostVersion": ">=2026.4.30" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8", + "openclawVersion": "2026.5.12", "staticAssets": [ { "source": "./assets/viewer-runtime.js",
extensions/discord/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/discord", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Discord channel plugin", "repository": { "type": "git", @@ -21,7 +21,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -65,10 +65,10 @@ "allowInvalidConfigRecovery": true }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/document-extract/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/document-extract-plugin", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw local document extraction plugin", "type": "module",
extensions/duckduckgo/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/duckduckgo-plugin", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw DuckDuckGo plugin", "type": "module",
extensions/elevenlabs/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/elevenlabs-speech", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw ElevenLabs speech plugin", "type": "module",
extensions/exa/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/exa-plugin", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Exa plugin", "type": "module",
extensions/fal/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/fal-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw fal provider plugin", "type": "module",
extensions/feishu/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/feishu", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng)", "repository": { "type": "git", @@ -17,7 +17,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -48,10 +48,10 @@ "minHostVersion": ">=2026.4.25" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/file-transfer/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/file-transfer", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw file transfer plugin (file_fetch, dir_list, dir_fetch, file_write)", "type": "module", "dependencies": {
extensions/firecrawl/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/firecrawl-plugin", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Firecrawl plugin", "type": "module",
extensions/fireworks/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/fireworks-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Fireworks provider plugin", "type": "module",
extensions/github-copilot/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/github-copilot-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw GitHub Copilot provider plugin", "type": "module",
extensions/googlechat/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/googlechat", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Google Chat channel plugin", "repository": { "type": "git", @@ -17,7 +17,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -75,10 +75,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/google-meet/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/google-meet", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Google Meet participant plugin", "repository": { "type": "git", @@ -16,7 +16,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -33,10 +33,10 @@ "minHostVersion": ">=2026.4.20" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/google/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/google-plugin", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Google plugin", "type": "module",
extensions/gradium/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/gradium-speech", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Gradium speech plugin", "type": "module",
extensions/groq/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/groq-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Groq media-understanding provider", "type": "module",
extensions/huggingface/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/huggingface-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Hugging Face provider plugin", "type": "module",
extensions/image-generation-core/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/image-generation-core", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw image generation runtime package", "type": "module",
extensions/imessage/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/imessage", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw iMessage channel plugin using imsg on a signed-in Mac", "type": "module", @@ -40,10 +40,10 @@ ] }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" } }, "pluginInspector": {
extensions/inworld/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/inworld-speech", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Inworld speech plugin", "type": "module",
extensions/irc/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/irc", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw IRC channel plugin", "type": "module", "devDependencies": {
extensions/kilocode/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/kilocode-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Kilo Gateway provider plugin", "type": "module",
extensions/kimi-coding/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/kimi-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Kimi provider plugin", "type": "module",
extensions/line/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/line", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw LINE channel plugin", "repository": { "type": "git", @@ -16,7 +16,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -46,10 +46,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/litellm/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/litellm-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw LiteLLM provider plugin", "type": "module",
extensions/llm-task/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/llm-task", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw JSON-only LLM task plugin", "type": "module",
extensions/lmstudio/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/lmstudio-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw LM Studio provider plugin", "type": "module",
extensions/lobster/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/lobster", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "Lobster workflow tool plugin (typed pipelines + resumable approvals)", "repository": { "type": "git", @@ -25,10 +25,10 @@ "minHostVersion": ">=2026.4.25" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/matrix/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/matrix", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Matrix channel plugin", "repository": { "type": "git", @@ -22,7 +22,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -87,10 +87,10 @@ "allowInvalidConfigRecovery": true }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/mattermost/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/mattermost", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Mattermost channel plugin", "repository": { "type": "git", @@ -16,7 +16,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": {
extensions/media-understanding-core/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/media-understanding-core", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw media understanding runtime package", "type": "module",
extensions/memory-core/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/memory-core", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw core memory search plugin", "type": "module", @@ -14,7 +14,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": {
extensions/memory-lancedb/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/memory-lancedb", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw LanceDB-backed long-term memory plugin with auto-recall/capture", "repository": { "type": "git", @@ -26,10 +26,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/memory-wiki/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/memory-wiki", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw persistent wiki plugin", "type": "module", @@ -14,7 +14,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": {
extensions/microsoft-foundry/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/microsoft-foundry", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Microsoft Foundry provider plugin", "type": "module",
extensions/microsoft/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/microsoft-speech", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Microsoft speech plugin", "type": "module",
extensions/migrate-claude/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/migrate-claude", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "Claude to OpenClaw migration provider", "type": "module", @@ -9,7 +9,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": {
extensions/migrate-hermes/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/migrate-hermes", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "Hermes to OpenClaw migration provider", "type": "module", @@ -12,7 +12,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": {
extensions/minimax/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/minimax-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw MiniMax provider and OAuth plugin", "type": "module",
extensions/mistral/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/mistral-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Mistral provider plugin", "type": "module",
extensions/moonshot/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/moonshot-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Moonshot provider plugin", "type": "module",
extensions/msteams/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/msteams", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Microsoft Teams channel plugin", "repository": { "type": "git", @@ -22,7 +22,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -58,10 +58,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/nextcloud-talk/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/nextcloud-talk", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Nextcloud Talk channel plugin", "repository": { "type": "git", @@ -12,7 +12,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -44,10 +44,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/nostr/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/nostr", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Nostr channel plugin for NIP-04 encrypted DMs", "repository": { "type": "git", @@ -16,7 +16,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -54,10 +54,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/nvidia/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/nvidia-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw NVIDIA provider plugin", "type": "module",
extensions/oc-path/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/oc-path", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw oc:// workspace path plugin", "type": "module", @@ -14,7 +14,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": {
extensions/ollama/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/ollama-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Ollama provider plugin", "type": "module",
extensions/openai/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/openai-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw OpenAI provider plugins", "type": "module",
extensions/opencode-go/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/opencode-go-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw OpenCode Go provider plugin", "type": "module",
extensions/opencode/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/opencode-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw OpenCode Zen provider plugin", "type": "module",
extensions/open-prose/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/open-prose", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenProse VM skill pack plugin (slash command + telemetry).", "type": "module",
extensions/openrouter/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/openrouter-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw OpenRouter provider plugin", "type": "module",
extensions/openshell/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/openshell-sandbox", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw OpenShell sandbox backend", "repository": { "type": "git", @@ -24,10 +24,10 @@ "minHostVersion": ">=2026.5.12-beta.6" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/perplexity/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/perplexity-plugin", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Perplexity plugin", "type": "module",
extensions/qa-channel/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/qa-channel", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw QA synthetic channel plugin", "type": "module", @@ -19,7 +19,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": {
extensions/qa-lab/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/qa-lab", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw QA lab plugin with private debugger UI and scenario runner", "type": "module", @@ -19,7 +19,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -31,7 +31,7 @@ "./index.ts" ], "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" } } }
extensions/qa-matrix/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/qa-matrix", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Matrix QA runner plugin", "type": "module", @@ -13,7 +13,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -25,7 +25,7 @@ "./index.ts" ], "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" } } }
extensions/qianfan/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/qianfan-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Qianfan provider plugin", "type": "module",
extensions/qqbot/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/qqbot", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": false, "description": "OpenClaw QQ Bot channel plugin", "repository": { @@ -21,7 +21,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -50,10 +50,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/qwen/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/qwen-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Qwen Cloud provider plugin", "type": "module",
extensions/runway/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/runway-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Runway video provider plugin", "type": "module",
extensions/searxng/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/searxng-plugin", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw SearXNG plugin", "type": "module",
extensions/senseaudio/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/senseaudio-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw SenseAudio media-understanding provider", "type": "module",
extensions/sglang/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/sglang-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw SGLang provider plugin", "type": "module",
extensions/signal/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/signal", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Signal channel plugin", "type": "module",
extensions/skill-workshop/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/skill-workshop", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw skill workshop plugin", "type": "module",
extensions/slack/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/slack", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Slack channel plugin", "repository": { "type": "git", @@ -19,7 +19,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -63,10 +63,10 @@ "minHostVersion": ">=2026.5.12-beta.6" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/speech-core/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/speech-core", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw speech runtime package", "type": "module",
extensions/stepfun/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/stepfun-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw StepFun provider plugin", "type": "module",
extensions/synology-chat/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/synology-chat", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "Synology Chat channel plugin for OpenClaw", "repository": { "type": "git", @@ -30,10 +30,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/synthetic/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/synthetic-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Synthetic provider plugin", "type": "module",
extensions/tavily/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/tavily-plugin", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Tavily plugin", "type": "module",
extensions/telegram/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/telegram", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Telegram channel plugin", "type": "module",
extensions/tencent/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/tencent-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Tencent Cloud provider plugin (TokenHub + Token Plan)", "type": "module",
extensions/tlon/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/tlon", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Tlon/Urbit channel plugin", "repository": { "type": "git", @@ -19,7 +19,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -73,10 +73,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/together/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/together-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Together provider plugin", "type": "module",
extensions/tokenjuice/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/tokenjuice", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "Bundled tokenjuice exec output compaction plugin", "type": "module", "dependencies": {
extensions/tts-local-cli/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/tts-local-cli", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw local CLI TTS plugin", "type": "module",
extensions/twitch/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/twitch", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Twitch channel plugin", "repository": { "type": "git", @@ -27,10 +27,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "channel": { "id": "twitch",
extensions/venice/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/venice-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Venice provider plugin", "type": "module",
extensions/vercel-ai-gateway/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/vercel-ai-gateway-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Vercel AI Gateway provider plugin", "type": "module",
extensions/video-generation-core/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/video-generation-core", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw video generation runtime package", "type": "module",
extensions/vllm/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/vllm-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw vLLM provider plugin", "type": "module",
extensions/voice-call/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/voice-call", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw voice-call plugin", "repository": { "type": "git", @@ -18,7 +18,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -35,10 +35,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/volcengine/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/volcengine-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Volcengine provider plugin", "type": "module",
extensions/voyage/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/voyage-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Voyage embedding provider plugin", "type": "module",
extensions/vydra/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/vydra-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Vydra media provider plugin", "type": "module",
extensions/webhooks/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/webhooks", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw webhook bridge plugin", "type": "module",
extensions/web-readability/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/web-readability-plugin", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw local Readability web extraction plugin", "type": "module",
extensions/whatsapp/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/whatsapp", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw WhatsApp channel plugin", "repository": { "type": "git", @@ -20,7 +20,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -63,10 +63,10 @@ "minHostVersion": ">=2026.4.25" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/xai/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/xai-plugin", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw xAI plugin", "type": "module",
extensions/xiaomi/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/xiaomi-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Xiaomi provider plugin", "type": "module",
extensions/zai/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/zai-provider", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "private": true, "description": "OpenClaw Z.AI provider plugin", "type": "module",
extensions/zalo/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/zalo", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Zalo channel plugin", "repository": { "type": "git", @@ -12,7 +12,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -43,10 +43,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
extensions/zalouser/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/zalouser", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "OpenClaw Zalo Personal Account plugin via native zca-js integration", "repository": { "type": "git", @@ -17,7 +17,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.12-beta.8" + "openclaw": ">=2026.5.12" }, "peerDependenciesMeta": { "openclaw": { @@ -54,10 +54,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.12-beta.8" + "pluginApi": ">=2026.5.12" }, "build": { - "openclawVersion": "2026.5.12-beta.8" + "openclawVersion": "2026.5.12" }, "release": { "publishToClawHub": true,
package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "openclaw", - "version": "2026.5.12-beta.8", + "version": "2026.5.12", "description": "Multi-channel AI gateway with extensible messaging integrations", "keywords": [], "homepage": "https://github.com/openclaw/openclaw#readme",
Vulnerability mechanics
Root cause
"Missing authorization check in the Slack plugin approval gate allows exec-authorized users to resolve plugin approvals through the exec approver gate, bypassing intended approval splits."
Attack vector
An attacker with limited exec approval permissions can resolve plugin approvals through the exec approver gate, bypassing the intended approval split that should require separate authorization for plugin actions outside the operator's configuration. The vulnerability is exploitable over the network with low privileges and no user interaction, as reflected in the CVSS vector (AV:N/AC:L/PR:L/UI:N). The advisory does not specify the exact payload shape or API endpoint used.
Affected code
The patch [patch_id=3102120] only modifies version strings in extension package.json files (nostr, google-meet, zalouser, googlechat, line, zalo, matrix, whatsapp, voice-call, feishu). The actual vulnerable code path — the Slack plugin approval gate authorization logic — is not shown in the supplied patch. The advisory indicates the flaw exists in how exec-authorized users interact with the exec approver gate for plugin approvals.
What the fix does
The patch [patch_id=3102120] is a release preparation commit that bumps version strings from beta (2026.5.12-beta.8) to the stable release (2026.5.12) across all extension package.json files. The diff does not contain any code changes to the authorization logic for Slack plugin approvals. The advisory describes a privilege escalation vulnerability, but the provided patch does not show the actual fix — it only updates version metadata. No remediation guidance is visible in the supplied patch.
Preconditions
- authAttacker must have exec-authorized user privileges in OpenClaw
- networkNetwork access to the OpenClaw instance
Generated on May 29, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.