OpenClaw 2026.5.18: Skills, Plugins, and QA-Lab Overhaul

By /
Skills, Plugins & QA-Lab featured image

What Happened

OpenClaw 2026.5.18 ships a focused but powerful set of improvements โ€” new skills, a dramatically expanded QA testing framework, better plugin tooling, tighter security defaults, and dozens of stability fixes across every major channel and runtime.

Key Highlights

๐Ÿ› ๏ธ Plugin SDK: defineToolPlugin

A brand-new defineToolPlugin API lets developers build typed simple tool plugins with generated manifest metadata, optional tool declarations, and context factories. Combined with openclaw plugins build, validate, and init CLI commands, creating plugins has never been easier.

The plugin SDK also gains:

  • Session actions, sendSessionAttachment, and cron-backed session turns
  • Structured image-first extraction with extractStructuredWithModel()
  • Presentation helpers for rich channel rendering
  • Unified model catalog registration for text, image, video, and music providers
  • Filesystem safety helpers through @openclaw/fs-safe

๐ŸŽฎ New Skills Pack

  • Meme Maker โ€” curated template search, local SVG/PNG rendering, Imgflip hosted rendering, and Know Your Meme provenance links
  • Python Debugging โ€” pdb, breakpoint(), post-mortem inspection, and debugpy remote attach
  • Node Inspector Debugging โ€” full Node.js debugging workflow
  • Diagram Maker โ€” fused diagram generation from descriptions
  • Spike โ€” throwaway workflow skill for quick experiments
  • Autoreview โ€” renamed Codex closeout review skill

๐Ÿงช QA-Lab: Enterprise-Grade Testing

The QA framework gets a massive expansion:

  • First-hour 20-turn and optional 100-turn runtime parity scenarios
  • Codex-vs-Pi runtime parity with standard and soak tiers
  • Runtime tool fixture scenarios with coverage reporting
  • Personal-agent benchmark pack (approval denial, task followthrough, dreaming shadow-trial, share-safe diagnostics, no-fake-progress)
  • Token-efficiency sidecar comparing Codex vs Pi costs
  • Visual desktop tasks with MP4 recording and screenshot capture

๐Ÿ”’ Security & Policy

  • before_agent_run pass/block gate โ€” stop prompts before model submission
  • Per-sender tool policies now canonical with channel-scoped sender keys
  • Exec approval command highlighting for better security review
  • Contributor PRs now require real behavior proof (not just unit tests)
  • Managed proxy loopback control for Gateway traffic

๐ŸŒ Android: Realtime Talk Mode

Android switches Talk Mode to realtime Gateway relay voice sessions with streaming mic input, realtime audio playback, tool-result bridging, and on-screen transcripts. This brings mobile voice parity with desktop.

๐Ÿ–ฅ๏ธ Mac App: Settings Redesign

The Mac app gets a complete Settings overhaul with consistent card layouts, cached navigation, cleaner permissions/voice/skills/cron/exec/debug panes, and the sidebar moved to the native titlebar. Dashboard, Chat, Canvas, and Settings shortcuts now appear in the Dock icon menu.

๐Ÿ’ฌ Channel Fixes

  • Telegram: Forum topic fixes across inbound, delivery, and hot-reload; HTTP 421 retry on fallback transport; media group download warnings
  • Discord: Progress draft default on, final delivery preserved in streams, voice channel permission auditing
  • Slack: Thread routing for implicit-conversation channels, preserved mention metadata
  • WhatsApp: Status reaction lifecycle (thinking โ†’ tool โ†’ done/error), document delivery for images/GIFs/videos
  • Feishu: Group policy resolution from trusted chat target, session delivery context refresh
  • Signal: Mixed-case group ID preservation

๐Ÿง  Codex Improvements

  • Native code-mode available without forcing code-mode-only
  • Sandbox network access preserved when OpenClaw allows outbound egress
  • Image attachments hydrated before queued runs for Discord vision input
  • Tool progress synthesized from final snapshots for Telegram verbose mode
  • Oversized native thread rotation before resume

๐Ÿ“Š Control UI

  • Persistent compact context usage indicator (before high-pressure warning)
  • Inline reasoning choices as plain labels
  • Collapsed consecutive duplicate text messages with count
  • Inherited thinking defaults labeled separately from explicit overrides

โšก Gateway & Performance

  • Startup logging overlaps with plugin-service startup to reduce restart ready latency
  • Restart benchmark tooling for readiness, downtime, and resource-slope evidence
  • Session store index writes made atomic without durable fsync
  • Plugin metadata snapshot reused across dashboard and channel turns
  • Secrets startup fast path when no SecretRef values configured

๐Ÿ”ง Other Notable Changes

  • Browser: Modal dialog surfacing in snapshots, browser dialog --dialog-id for answering pending dialogs
  • Proxy: HTTPS managed forward-proxy endpoints with scoped TLS CA trust
  • Memory: SQLite-vec load failures distinguished from missing embeddings in diagnostics
  • Talk: Unified session controller across realtime relay, transcription, Voice Call, Google Meet, and native clients
  • Docker: OPENCLAW_IMAGE_APT_PACKAGES and OPENCLAW_IMAGE_PIP_PACKAGES build args
  • Dependencies: Pi packages 0.75.1, Node.js 22.19 minimum, pnpm 11 workspace management

Why It Matters

Where 5.12 was about plugin architecture, 5.18 is about developer experience and reliability. The new plugin tooling makes extending OpenClaw dramatically easier. The QA-Lab expansion means releases will be more stable going forward. And the channel fixes address real pain points that affect daily use across Telegram, Discord, Slack, and WhatsApp.

Combined with the performance gains and security improvements, this is the most polished OpenClaw has been in the 5.x cycle.

How to Update

npm install -g openclaw@latest

Then restart your gateway: openclaw gateway restart

Running OpenClaw and need help? Get in touch โ€” we offer setup, optimization, and custom agent development services.

Related Posts

Scroll to Top