High severity8.8NVD Advisory· Published May 29, 2026· Updated May 29, 2026
CVE-2026-35674
CVE-2026-35674
Description
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scope requirements, enabling unauthorized plugin, config, MCP, allowlist, and ACP mutations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OpenClaw before 2026.5.18 lets operator.write scoped clients bypass command scope checks via inherited external chat.send routes, enabling unauthorized admin-level mutations.
Vulnerability
OpenClaw before version 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route. When a scoped Gateway caller with operator.write uses chat.send to deliver commands into a session that has an inherited external delivery route, the command is evaluated as an external-channel command while carrying the lower Gateway client scopes. This allows commands that should require operator.approvals or operator.admin scopes to run with only operator.write. Affected command families include approval resolution, plugin, config, MCP, allowlist, and ACP mutations [1][2].
Exploitation
An attacker must have a scoped Gateway client with the operator.write scope and the ability to use chat.send with a session that has an inherited external delivery route. The attacker sends a crafted chat.send request that includes a privileged command (e.g., approval resolution or admin mutation). Due to the route inheritance, the server evaluates the command as coming from an external channel but still respects the lower scopes of the Gateway client, bypassing the required higher scopes [1].
Impact
Successful exploitation allows an attacker with only operator.write to execute commands that require operator.approvals or operator.admin. This includes unauthorized approval resolution and mutations of plugins, configuration, MCP, allowlists, and ACP settings. The attacker gains elevated privileges beyond their intended scope [1][2].
Mitigation
The first stable patched version is 2026.5.18, released on 2026-05-18 [1]. Upgrade to openclaw@2026.5.18 or later. As a temporary workaround, avoid granting operator.write tokens to clients that can deliver commands into sessions with external routes, unless those clients are fully trusted with admin-like command effects [1].
References
AI Insight generated on May 29, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
150a2481652b6chore(release): prepare 2026.5.18 stable
124 files changed · +214 −214
CHANGELOG.md+1 −1 modified@@ -2,7 +2,7 @@ Docs: https://docs.openclaw.ai -## Unreleased +## 2026.5.18 ### Changes
extensions/acpx/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/acpx", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw ACP runtime backend", "repository": { "type": "git", @@ -26,10 +26,10 @@ "minHostVersion": ">=2026.4.25" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1", + "openclawVersion": "2026.5.18", "staticAssets": [ { "source": "./src/runtime-internals/mcp-proxy.mjs",
extensions/admin-http-rpc/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/admin-http-rpc", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw admin HTTP RPC endpoint", "type": "module",
extensions/alibaba/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/alibaba-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Alibaba Model Studio video provider plugin", "type": "module",
extensions/amazon-bedrock-mantle/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/amazon-bedrock-mantle-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Amazon Bedrock Mantle (OpenAI-compatible) provider plugin", "repository": { "type": "git", @@ -25,10 +25,10 @@ "minHostVersion": ">=2026.5.12-beta.1" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1", + "openclawVersion": "2026.5.18", "bundledDist": false }, "release": {
extensions/amazon-bedrock/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/amazon-bedrock-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Amazon Bedrock provider plugin", "repository": { "type": "git", @@ -27,10 +27,10 @@ "minHostVersion": ">=2026.5.12-beta.1" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1", + "openclawVersion": "2026.5.18", "bundledDist": false }, "release": {
extensions/anthropic/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/anthropic-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Anthropic provider plugin", "type": "module",
extensions/anthropic-vertex/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/anthropic-vertex-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Anthropic Vertex provider plugin", "repository": { "type": "git", @@ -25,10 +25,10 @@ "minHostVersion": ">=2026.5.12-beta.1" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1", + "openclawVersion": "2026.5.18", "bundledDist": false }, "release": {
extensions/arcee/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/arcee-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Arcee provider plugin", "type": "module",
extensions/azure-speech/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/azure-speech", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Azure Speech plugin", "type": "module",
extensions/bonjour/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/bonjour", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Bonjour/mDNS gateway discovery", "type": "module", "dependencies": {
extensions/brave/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/brave-plugin", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Brave plugin", "repository": { "type": "git", @@ -21,10 +21,10 @@ "allowInvalidConfigRecovery": true }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/browser/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/browser-plugin", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw browser tool plugin", "type": "module",
extensions/byteplus/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/byteplus-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw BytePlus provider plugin", "type": "module",
extensions/canvas/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/canvas-plugin", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Canvas plugin", "type": "module",
extensions/cerebras/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/cerebras-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Cerebras provider plugin", "type": "module",
extensions/chutes/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/chutes-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Chutes.ai provider plugin", "type": "module",
extensions/clickclack/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/clickclack", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw ClickClack channel plugin", "type": "module", @@ -18,7 +18,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": {
extensions/cloudflare-ai-gateway/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/cloudflare-ai-gateway-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Cloudflare AI Gateway provider plugin", "type": "module",
extensions/codex/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/codex", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Codex harness and model provider plugin", "repository": { "type": "git", @@ -27,10 +27,10 @@ "minHostVersion": ">=2026.5.1-beta.1" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/comfy/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/comfy-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw ComfyUI provider plugin", "type": "module",
extensions/copilot-proxy/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/copilot-proxy", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Copilot Proxy provider plugin", "type": "module",
extensions/deepgram/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/deepgram-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Deepgram media-understanding provider", "type": "module",
extensions/deepinfra/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/deepinfra-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw DeepInfra provider plugin", "type": "module",
extensions/deepseek/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/deepseek-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw DeepSeek provider plugin", "type": "module",
extensions/diagnostics-otel/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/diagnostics-otel", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw diagnostics OpenTelemetry exporter", "repository": { "type": "git", @@ -34,10 +34,10 @@ "minHostVersion": ">=2026.4.25" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/diagnostics-prometheus/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/diagnostics-prometheus", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw diagnostics Prometheus exporter", "repository": { "type": "git", @@ -21,10 +21,10 @@ "minHostVersion": ">=2026.4.25" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/diffs/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/diffs", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw diff viewer plugin", "repository": { "type": "git", @@ -31,10 +31,10 @@ "minHostVersion": ">=2026.4.30" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1", + "openclawVersion": "2026.5.18", "staticAssets": [ { "source": "./assets/viewer-runtime.js",
extensions/discord/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/discord", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Discord channel plugin", "repository": { "type": "git", @@ -21,7 +21,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -65,10 +65,10 @@ "allowInvalidConfigRecovery": true }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/document-extract/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/document-extract-plugin", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw local document extraction plugin", "type": "module",
extensions/duckduckgo/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/duckduckgo-plugin", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw DuckDuckGo plugin", "type": "module",
extensions/elevenlabs/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/elevenlabs-speech", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw ElevenLabs speech plugin", "type": "module",
extensions/exa/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/exa-plugin", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Exa plugin", "type": "module",
extensions/fal/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/fal-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw fal provider plugin", "type": "module",
extensions/feishu/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/feishu", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng)", "repository": { "type": "git", @@ -17,7 +17,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -48,10 +48,10 @@ "minHostVersion": ">=2026.4.25" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/file-transfer/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/file-transfer", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw file transfer plugin (file_fetch, dir_list, dir_fetch, file_write)", "type": "module", "dependencies": {
extensions/firecrawl/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/firecrawl-plugin", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Firecrawl plugin", "type": "module",
extensions/fireworks/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/fireworks-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Fireworks provider plugin", "type": "module",
extensions/github-copilot/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/github-copilot-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw GitHub Copilot provider plugin", "type": "module",
extensions/googlechat/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/googlechat", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Google Chat channel plugin", "repository": { "type": "git", @@ -17,7 +17,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -75,10 +75,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/google-meet/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/google-meet", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Google Meet participant plugin", "repository": { "type": "git", @@ -16,7 +16,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -33,10 +33,10 @@ "minHostVersion": ">=2026.4.20" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/google/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/google-plugin", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Google plugin", "type": "module",
extensions/gradium/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/gradium-speech", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Gradium speech plugin", "type": "module",
extensions/groq/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/groq-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Groq media-understanding provider", "type": "module",
extensions/huggingface/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/huggingface-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Hugging Face provider plugin", "type": "module",
extensions/image-generation-core/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/image-generation-core", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw image generation runtime package", "type": "module",
extensions/imessage/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/imessage", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw iMessage channel plugin using imsg on a signed-in Mac", "type": "module", @@ -40,10 +40,10 @@ ] }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" } }, "pluginInspector": {
extensions/inworld/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/inworld-speech", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Inworld speech plugin", "type": "module",
extensions/irc/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/irc", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw IRC channel plugin", "type": "module", "devDependencies": {
extensions/kilocode/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/kilocode-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Kilo Gateway provider plugin", "type": "module",
extensions/kimi-coding/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/kimi-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Kimi provider plugin", "type": "module",
extensions/line/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/line", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw LINE channel plugin", "repository": { "type": "git", @@ -16,7 +16,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -46,10 +46,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/litellm/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/litellm-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw LiteLLM provider plugin", "type": "module",
extensions/llm-task/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/llm-task", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw JSON-only LLM task plugin", "type": "module",
extensions/lmstudio/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/lmstudio-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw LM Studio provider plugin", "type": "module",
extensions/lobster/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/lobster", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "Lobster workflow tool plugin (typed pipelines + resumable approvals)", "repository": { "type": "git", @@ -25,10 +25,10 @@ "minHostVersion": ">=2026.4.25" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/matrix/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/matrix", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Matrix channel plugin", "repository": { "type": "git", @@ -22,7 +22,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -87,10 +87,10 @@ "allowInvalidConfigRecovery": true }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/mattermost/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/mattermost", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Mattermost channel plugin", "repository": { "type": "git", @@ -16,7 +16,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": {
extensions/media-understanding-core/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/media-understanding-core", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw media understanding runtime package", "type": "module",
extensions/memory-core/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/memory-core", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw core memory search plugin", "type": "module", @@ -14,7 +14,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": {
extensions/memory-lancedb/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/memory-lancedb", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw LanceDB-backed long-term memory plugin with auto-recall/capture", "repository": { "type": "git", @@ -26,10 +26,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/memory-wiki/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/memory-wiki", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw persistent wiki plugin", "type": "module", @@ -14,7 +14,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": {
extensions/microsoft-foundry/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/microsoft-foundry", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Microsoft Foundry provider plugin", "type": "module",
extensions/microsoft/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/microsoft-speech", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Microsoft speech plugin", "type": "module",
extensions/migrate-claude/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/migrate-claude", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "Claude to OpenClaw migration provider", "type": "module", @@ -9,7 +9,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": {
extensions/migrate-hermes/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/migrate-hermes", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "Hermes to OpenClaw migration provider", "type": "module", @@ -12,7 +12,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": {
extensions/minimax/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/minimax-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw MiniMax provider and OAuth plugin", "type": "module",
extensions/mistral/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/mistral-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Mistral provider plugin", "type": "module",
extensions/moonshot/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/moonshot-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Moonshot provider plugin", "type": "module",
extensions/msteams/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/msteams", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Microsoft Teams channel plugin", "repository": { "type": "git", @@ -22,7 +22,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -58,10 +58,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/nextcloud-talk/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/nextcloud-talk", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Nextcloud Talk channel plugin", "repository": { "type": "git", @@ -12,7 +12,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -44,10 +44,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/nostr/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/nostr", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Nostr channel plugin for NIP-04 encrypted DMs", "repository": { "type": "git", @@ -16,7 +16,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -54,10 +54,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/nvidia/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/nvidia-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw NVIDIA provider plugin", "type": "module",
extensions/oc-path/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/oc-path", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw oc:// workspace path plugin", "type": "module", @@ -15,7 +15,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": {
extensions/ollama/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/ollama-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Ollama provider plugin", "type": "module",
extensions/openai/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/openai-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw OpenAI provider plugins", "type": "module",
extensions/opencode-go/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/opencode-go-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw OpenCode Go provider plugin", "type": "module",
extensions/opencode/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/opencode-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw OpenCode Zen provider plugin", "type": "module",
extensions/open-prose/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/open-prose", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenProse VM skill pack plugin (slash command + telemetry).", "type": "module",
extensions/openrouter/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/openrouter-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw OpenRouter provider plugin", "type": "module",
extensions/openshell/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/openshell-sandbox", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw OpenShell sandbox backend", "repository": { "type": "git", @@ -24,10 +24,10 @@ "minHostVersion": ">=2026.5.12-beta.1" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1", + "openclawVersion": "2026.5.18", "bundledDist": false }, "release": {
extensions/perplexity/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/perplexity-plugin", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Perplexity plugin", "type": "module",
extensions/qa-channel/package.json+2 −2 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/qa-channel", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw QA synthetic channel plugin", "type": "module", @@ -19,7 +19,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": {
extensions/qa-lab/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/qa-lab", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw QA lab plugin with private debugger UI and scenario runner", "type": "module", @@ -19,7 +19,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -31,7 +31,7 @@ "./index.ts" ], "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" } } }
extensions/qa-matrix/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/qa-matrix", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Matrix QA runner plugin", "type": "module", @@ -13,7 +13,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -25,7 +25,7 @@ "./index.ts" ], "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" } } }
extensions/qianfan/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/qianfan-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Qianfan provider plugin", "type": "module",
extensions/qqbot/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/qqbot", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": false, "description": "OpenClaw QQ Bot channel plugin", "repository": { @@ -21,7 +21,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -50,10 +50,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/qwen/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/qwen-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Qwen Cloud provider plugin", "type": "module",
extensions/runway/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/runway-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Runway video provider plugin", "type": "module",
extensions/searxng/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/searxng-plugin", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw SearXNG plugin", "type": "module",
extensions/senseaudio/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/senseaudio-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw SenseAudio media-understanding provider", "type": "module",
extensions/sglang/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/sglang-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw SGLang provider plugin", "type": "module",
extensions/signal/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/signal", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Signal channel plugin", "type": "module",
extensions/skill-workshop/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/skill-workshop", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw skill workshop plugin", "type": "module",
extensions/slack/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/slack", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Slack channel plugin", "repository": { "type": "git", @@ -20,7 +20,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -65,10 +65,10 @@ "allowInvalidConfigRecovery": true }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1", + "openclawVersion": "2026.5.18", "bundledDist": false }, "release": {
extensions/speech-core/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/speech-core", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw speech runtime package", "type": "module",
extensions/stepfun/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/stepfun-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw StepFun provider plugin", "type": "module",
extensions/synology-chat/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/synology-chat", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "Synology Chat channel plugin for OpenClaw", "repository": { "type": "git", @@ -30,10 +30,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/synthetic/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/synthetic-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Synthetic provider plugin", "type": "module",
extensions/tavily/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/tavily-plugin", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Tavily plugin", "type": "module",
extensions/telegram/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/telegram", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Telegram channel plugin", "type": "module",
extensions/tencent/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/tencent-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Tencent Cloud provider plugin (TokenHub + Token Plan)", "type": "module",
extensions/tlon/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/tlon", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Tlon/Urbit channel plugin", "repository": { "type": "git", @@ -19,7 +19,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -73,10 +73,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/together/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/together-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Together provider plugin", "type": "module",
extensions/tokenjuice/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/tokenjuice", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "Bundled tokenjuice exec output compaction plugin", "type": "module", "dependencies": {
extensions/tts-local-cli/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/tts-local-cli", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw local CLI TTS plugin", "type": "module",
extensions/twitch/package.json+3 −3 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/twitch", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Twitch channel plugin", "repository": { "type": "git", @@ -27,10 +27,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "channel": { "id": "twitch",
extensions/venice/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/venice-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Venice provider plugin", "type": "module",
extensions/vercel-ai-gateway/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/vercel-ai-gateway-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Vercel AI Gateway provider plugin", "type": "module",
extensions/video-generation-core/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/video-generation-core", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw video generation runtime package", "type": "module",
extensions/vllm/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/vllm-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw vLLM provider plugin", "type": "module",
extensions/voice-call/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/voice-call", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw voice-call plugin", "repository": { "type": "git", @@ -18,7 +18,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -35,10 +35,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/volcengine/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/volcengine-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Volcengine provider plugin", "type": "module",
extensions/voyage/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/voyage-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Voyage embedding provider plugin", "type": "module",
extensions/vydra/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/vydra-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Vydra media provider plugin", "type": "module",
extensions/webhooks/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/webhooks", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw webhook bridge plugin", "type": "module",
extensions/web-readability/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/web-readability-plugin", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw local Readability web extraction plugin", "type": "module",
extensions/whatsapp/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/whatsapp", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw WhatsApp channel plugin", "repository": { "type": "git", @@ -19,7 +19,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -62,10 +62,10 @@ "minHostVersion": ">=2026.4.25" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/xai/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/xai-plugin", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw xAI plugin", "type": "module",
extensions/xiaomi/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/xiaomi-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Xiaomi provider plugin", "type": "module",
extensions/zai/package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/zai-provider", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "private": true, "description": "OpenClaw Z.AI provider plugin", "type": "module",
extensions/zalo/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/zalo", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Zalo channel plugin", "repository": { "type": "git", @@ -12,7 +12,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -43,10 +43,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
extensions/zalouser/package.json+4 −4 modified@@ -1,6 +1,6 @@ { "name": "@openclaw/zalouser", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "OpenClaw Zalo Personal Account plugin via native zca-js integration", "repository": { "type": "git", @@ -17,7 +17,7 @@ "openclaw": "workspace:*" }, "peerDependencies": { - "openclaw": ">=2026.5.18-beta.1" + "openclaw": ">=2026.5.18" }, "peerDependenciesMeta": { "openclaw": { @@ -54,10 +54,10 @@ "minHostVersion": ">=2026.4.10" }, "compat": { - "pluginApi": ">=2026.5.18-beta.1" + "pluginApi": ">=2026.5.18" }, "build": { - "openclawVersion": "2026.5.18-beta.1" + "openclawVersion": "2026.5.18" }, "release": { "publishToClawHub": true,
package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "openclaw", - "version": "2026.5.18-beta.1", + "version": "2026.5.18", "description": "Multi-channel AI gateway with extensible messaging integrations", "keywords": [], "homepage": "https://github.com/openclaw/openclaw#readme",
Vulnerability mechanics
Root cause
"Scope bypass in the Gateway chat.send route allows clients with operator.write scope to deliver commands through inherited external routes, circumventing operator.approvals and operator.admin scope requirements."
Attack vector
An attacker with operator.write scope sends crafted commands through the Gateway chat.send route. Because the route inherits external routing without re-validating higher-privilege scopes, the attacker can bypass operator.approvals and operator.admin checks [patch_id=3102116]. This enables unauthorized plugin, config, MCP, allowlist, and ACP mutations. The attack is network-accessible (AV:N) with low complexity (AC:L) and requires only low-privilege authentication (PR:L).
Affected code
The patch only touches package.json version strings across 11 extension directories (nostr, google-meet, zalouser, zalo, googlechat, line, whatsapp, matrix, voice-call, feishu) [patch_id=3102116]. The actual vulnerable code path — the Gateway chat.send route and its scope-checking logic — is not shown in this diff.
What the fix does
The patch updates version strings across all extension package.json files from "2026.5.18-beta.1" to "2026.5.18" [patch_id=3102116]. The commit message indicates this is a stable release preparation. The patch does not show the actual code change that closes the scope bypass; the vulnerability fix is presumably included in the broader 2026.5.18 release but is not visible in the version-bump diff alone.
Preconditions
- authAttacker must possess operator.write scope on the OpenClaw instance
- networkAttacker must have network access to the Gateway chat.send route
- configThe Gateway must have external routes configured that inherit scope checks
Generated on May 29, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.