
OpenClaw v2026.6.1: Skill Workshop Ships with Plugin Externalization

OpenClaw stable v2026.6.1 was released June 3, 2026. It introduces Skill Workshop, a review-first way to turn agent work into reusable skills. Proposed skills stay pending in PROPOSAL.md until approved with board and today views. The release also externalizes Tokenjuice and GitHub Copilot as official plugins. The CLI avoids live catalog validation during agent add. Plugin installs are safer via operator install policy.

Product Idea from this Signal

A policy enforcement daemon that blocks prompt-injection config rewrites on self-hosted OpenClaw agents running on NVIDIA RTX hardware


OpenClaw agents running on local hardware like NVIDIA RTX Spark and DGX are still vulnerable to prompt-injection attacks that rewrite sandbox policies, plugin permissions, and routing hooks (CVE-2026-35650). Existing solutions are either cloud-only (E2B, Microsoft MXC) or require enterprise Kubernetes stacks (NemoClaw, ClawArmor). Self-hosters on consumer NVIDIA hardware have no lightweight way to enforce immutable security policies. This daemon sits between the LLM and the agent gateway as a sidecar process, validating every config mutation against a locked policy file and rejecting anything that touches sandbox rules, SSRF protections, or filesystem hardening without explicit operator approval.
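
The validation step described above, sketched as an added example (not code from OpenClaw or from this page): it diffs a proposed config against the running one and rejects any change under a locked path unless an operator-issued HMAC covers exactly that change. The config key names, the locked-prefix list and the approval scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Hypothetical locked policy: dotted-path prefixes that must not change without
# operator approval. Key names are assumptions, not OpenClaw's real config schema.
LOCKED_PREFIXES = ("sandbox", "network.ssrf", "filesystem.hardening",
                   "plugins.permissions", "routing.hooks")

# Constructed sample of a running agent config.
SAMPLE_CONFIG = {"model": {"name": "local"}, "sandbox": {"enabled": True},
                 "network": {"ssrf": {"block_private": True}, "timeout": 30}}

def flatten(cfg, prefix=""):
    """Flatten nested dicts to {dotted.path: leaf} so changes compare per leaf."""
    out = {}
    for key, val in cfg.items():
        path = f"{prefix}.{key}" if prefix else str(key)
        if isinstance(val, dict) and val:
            out.update(flatten(val, path))
        else:
            out[path] = val  # scalars, lists, and empty dicts are leaves
    return out

def changed_paths(current, proposed):
    """Paths added, removed, or modified between the two configs."""
    a, b = flatten(current), flatten(proposed)
    gone = object()
    return sorted(p for p in a.keys() | b.keys() if a.get(p, gone) != b.get(p, gone))

def is_locked(path):
    return any(path == p or path.startswith(p + ".") for p in LOCKED_PREFIXES)

def approval_tag(operator_key, paths, proposed):
    """HMAC binding an approval to the exact locked paths and their new values."""
    flat = flatten(proposed)
    msg = json.dumps([[p, p in flat, flat.get(p)] for p in paths], sort_keys=True)
    return hmac.new(operator_key, msg.encode(), hashlib.sha256).hexdigest()

def validate(current, proposed, operator_key, approval=None):
    """Return (allowed, locked_paths_touched); fails closed without a valid tag."""
    touched = [p for p in changed_paths(current, proposed) if is_locked(p)]
    if not touched:
        return True, []
    expected = approval_tag(operator_key, touched, proposed)
    ok = approval is not None and hmac.compare_digest(expected, approval)
    return ok, touched
```

Because the tag covers the changed paths and their new values, an approval issued for one mutation does not validate a different one; the operator key has to be stored where the agent process cannot read it.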

Tags: SECURITY, LOCAL-AI, NVIDIA, OPEN-SOURCE, DEVTOOL, SIDECAR