What changed in OpenClaw v2026.3.23?

The biggest changes are the complete removal of the legacy Chrome extension relay path and making ClawHub the default plugin source over npm. Both are breaking changes that affect browser automation and plugin installation workflows.

How do I fix Chrome breakage after upgrading to v2026.3.23?

Run openclaw doctor --fix after upgrading. This auto-migrates browser config from the removed driver extension path to existing-session or user mode. Docker, headless, and sandbox flows are unaffected.

Why did OpenClaw make ClawHub the default plugin source?

Previously, openclaw plugins install preferred npm, causing confusion between general JavaScript libraries and AI agent plugins. ClawHub provides community-vetted, security-hardened versions designed for the Plugin SDK.

What is the latest stable OpenClaw version?

As of late March 2026, the latest stable release is v2026.3.23-2, which includes follow-up patches restoring WhatsApp and Matrix runtime entries and hardening authentication flows.

Were there other breaking changes in v2026.3.23?

Yes, legacy CLAWDBOT_* and MOLTBOT_* environment variables were removed with no compatibility shim in v2026.3.22. All must be renamed to OPENCLAW_* equivalents.

← Back to dashboard

clawsmith.com/signal/openclaw-v2026-3-23-chrome-removal-clawhub-default

📈 TrendsUnknownFrameworkLive

OpenClaw v2026.3.23: Chrome Extension Relay Removed, ClawHub Becomes Default Plugin Source

The Great Browser Migration — OpenClaw v2026.3.23 completely removes the legacy Chrome extension relay path and makes ClawHub the default plugin source over npm. Breaking change for Chrome automation users. Follow-up to v2026.3.22 with rapid-fire patches.

Product Idea from this Signal

A security layer that vets ClawHub skills for malware and prompt injection before your agent installs them

79.8k ▲

ClawHub grew 380% to 13,729 skills in Q1 2026. Snyk found 36% contain prompt injection and 1,467 carry malicious payloads. The ClawHavoc campaign planted 1,184 weaponized skills in the marketplace. VirusTotal integration catches known malware but misses novel prompt injection, data exfiltration via tool outputs, and social engineering patterns unique to AI agent skills. This tool performs deep behavioral analysis of every skill before installation, catching threats that signature-based scanners miss.

SECURITYCLIDEVTOOLOPEN-SOURCE

CompetitiveView Opportunity →