OpenClaw has released version 2026.2.17 with significant enhancements, including support for Anthropic’s Claude Sonnet 4.6 model and expanded context windows, though the update arrives as the AI agent framework continues to face scrutiny over critical security vulnerabilities involving credential theft and remote code execution.
The latest release introduces opt-in support for Anthropic’s 1-million-token context window via a beta header feature for Opus and Sonnet models, alongside native integration of the newly launched Claude Sonnet 4.6 model.
Released by developer steipete on February 17, 2026, the update includes forward-compatibility fallbacks for environments where upstream catalogs haven’t yet exposed Sonnet 4.6, ensuring seamless deployment across different configurations.
New Anthropic Model Support
OpenClaw continues to face serious security challenges despite ongoing patches.
CVE-2026-25253, a critical vulnerability patched in version 2026.1.29, enabled one-click remote code execution through improper handling of authentication tokens and WebSocket connections.
Security researchers demonstrated how attackers could exploit token leakage and Cross-Site WebSocket Hijacking to execute arbitrary shell commands on host systems, achieving full compromise through a single malicious link.
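The bug class described above (a leaked token combined with Cross-Site WebSocket Hijacking) is usually closed with two server-side checks. The following is an added example, not OpenClaw's code or its actual patch. The allowed origins, the `auth` message shape and the token value are assumptions constructed for illustration.

```javascript
// Added illustration of Cross-Site WebSocket Hijacking defences.
// Not OpenClaw code: origins, message shape and token are constructed.
const ALLOWED_ORIGINS = new Set(["http://127.0.0.1:8080", "http://localhost:8080"]);

// Compare without an early exit on the first differing byte
// (Node's crypto.timingSafeEqual is the library equivalent).
function constantTimeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ (y[i % y.length] ?? 0);
  return diff === 0;
}

// Step 1: decide whether an HTTP Upgrade request may become a WebSocket.
// `req` mirrors Node's http.IncomingMessage: { url, headers }.
function checkUpgrade(req) {
  const origin = req.headers["origin"];
  // Browsers attach Origin to every WebSocket handshake and page script
  // cannot override it, so an allowlist blocks connections opened by other
  // sites. Non-browser clients send no Origin and proceed to step 2.
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return { ok: false, reason: "origin-not-allowed" };
  }
  // A token in the URL leaks through links, history, logs and Referer.
  const url = new URL(req.url, "http://placeholder.invalid");
  if (url.searchParams.has("token")) {
    return { ok: false, reason: "token-in-url" };
  }
  return { ok: true, reason: "upgrade-allowed" };
}

// Step 2: the first frame must authenticate before any command is handled.
function checkAuthFrame(raw, expectedToken) {
  let msg;
  try { msg = JSON.parse(raw); } catch { return false; }
  if (!msg || msg.type !== "auth" || typeof msg.token !== "string") return false;
  return msg.token.length > 0 && constantTimeEqual(msg.token, expectedToken);
}
```

Both checks are needed: the Origin allowlist stops a hostile page from opening the socket at all, and the first-frame token keeps a local non-browser process from issuing commands unauthenticated.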
| Category | Feature |
|---|---|
| Anthropic Models | Opt-in 1M-token context window via beta header; Claude Sonnet 4.6 supported with forward-compatibility fallback |
| Subagents | /subagents spawn starts extra agents |
| iOS Share/Talk Mode | Share text, URLs, images; keep Talk Mode on in background; turn off voice hints |
| Slack Integration | Stream messages; preview drafts |
| Telegram | Buttons (primary/success/danger); reactions tracked |
| iMessage | Reply to messages with proper tags |
| Discord | /exec commands with autocomplete; reusable buttons; control who can click buttons |
| Cron/Gateway | Webhooks per job; scheduled jobs staggered; logs usage |
| Web Tools | Allowlist URLs for search and fetch tools |
| Browser Config | Custom Chrome startup settings |
| Voice Call | Preloaded greetings for faster playback |
| Mattermost | Emoji reactions with notifications |
| Memory Search | Better search with fallback and query expansion |
| Z.AI Integration | Streaming tool calls by default, can turn off |
| Feishu/Bitable | Tools to create apps and fields automatically |
| Docker | Option to install Chrome + Xvfb when building |
A comprehensive security audit conducted in late January 2026 identified 512 vulnerabilities in the framework, of which 8 were classified as critical.
The OpenClaw skills marketplace has become a vector for credential theft and malware distribution.
| Issue | Description |
|---|---|
| Unrestricted System Access | Agents can execute shell commands without security boundaries |
| Misconfigured Admin Interfaces | Admin interfaces exposed online without authentication |
| Prompt Injection Attacks | Attacks that trick systems into revealing sensitive data |
According to an OpenClaw advisory, approximately 336 malicious plugins were uploaded among 3,000 ClawHub skill samples, representing a 10.8 percent infection rate.
These malicious skills masqueraded as trading bots and financial assistants while deploying stealers that exfiltrate cryptocurrency wallet data, macOS Keychain credentials, browser passwords, and cloud service tokens using ClickFix social engineering techniques.
Beyond Anthropic integration, version 2026.2.17 delivers substantial improvements across messaging platforms and automation workflows.
The release adds native single-message text streaming for Slack, with configurable draft preview modes; iOS share extension functionality for direct content forwarding; and enhanced subagent spawning capabilities via deterministic chat commands.
Additional features include URL allowlists for web search and fetch tools, cron job webhook delivery with usage telemetry tracking, and Discord interactive component improvements with reusable buttons and per-button user access controls.