Risk disclosure: Independent research finds 70–84% of Polymarket traders lose money (Sergeenkov, April 2026; Akey et al., SSRN, March 2026). Forex CFDs: 70–85% retail loss rate. Binary options: 80%+ in most jurisdictions. AI agents don't change these baselines. Full disclaimer.
Security context: Three critical CVEs disclosed in OpenClaw in Q1 2026 (CVE-2026-25253, CVE-2026-32922) plus the ClawHavoc supply-chain attack (1,184 malicious skills). Always run v2026.4.12 or later. Full security assessment.
OpenClaw went from a personal prototype to the most-starred repository on GitHub in roughly six months. Along the way: a rename forced by trademark issues, multiple serious security incidents, the creator departing for OpenAI, and a transfer to an independent foundation. This roundup consolidates the defining events of OpenClaw's first half of 2026 — the timeline every new user should understand.
We've covered these events individually across the site; this brings them together chronologically with the context that matters for traders deciding whether and how to use OpenClaw.
TL;DR — The 30-second answer
- Nov 2025: Peter Steinberger builds the prototype (originally 'Clawdbot').
- Jan 2026: renamed OpenClaw; first major CVE (RCE) patched.
- Feb 2026: ClawHavoc incident (1,184 malicious skills); Steinberger joins OpenAI.
- Mar 2026: hits 250K stars, beating React's record; another CVE.
- Apr 2026: 347K+ stars (most-starred repo); transferred to independent foundation.
- The lesson: explosive growth + real security incidents = audit everything.
The timeline

November 2025 — The prototype
Peter Steinberger (known previously for PSPDFKit) built the original prototype, initially called 'Clawdbot,' as a personal project — an AI agent that could control applications and automate tasks through natural language, starting with a WhatsApp relay. The concept resonated immediately: a general-purpose AI agent you could direct in plain language, extensible through community 'skills.'
January 2026 — Rename and first CVE
The project was renamed OpenClaw (trademark considerations around the original name) and released more broadly. With visibility came scrutiny: the first major security vulnerability, a remote code execution (RCE) flaw, was discovered and patched in version 2026.1.29. This set the pattern for the year — rapid growth shadowed by serious security issues, a consequence of a fast-moving project with a permissive skill-execution model.
February 2026 — ClawHavoc and the OpenAI move
February brought the most significant security event: ClawHavoc, in which researchers identified 1,184 malicious skills published to the community skill repository (ClawHub). These skills, if installed, could exfiltrate API keys, drain wallets, or execute arbitrary code — a direct threat to anyone running trading bots with live credentials. We cover the implications in our skill audit guide.
Also in February, creator Peter Steinberger announced he was joining OpenAI. This raised questions about the project's future governance — would it remain independent, or be absorbed? The answer came in April.
March 2026 — Record-breaking growth
OpenClaw crossed 250,000 GitHub stars in March, surpassing the record previously held by frameworks like React — an extraordinary pace for a project barely a few months old. The growth reflected genuine utility and viral enthusiasm. But March also brought another vulnerability (CVE-2026-32922), reinforcing that the security challenges weren't behind it.
April 2026 — Most-starred repo and foundation transfer
By April, OpenClaw reached 347,000+ stars, making it the most-starred repository on GitHub. Crucially, governance was transferred to an independent foundation — resolving the uncertainty from Steinberger's OpenAI move. The foundation structure aimed to ensure the project remained open, community-governed, and not controlled by any single company. For users, this was reassuring: OpenClaw would persist as genuinely open infrastructure.
What it means for traders
The story has two halves, and both matter:
- The bullish half: OpenClaw is real, widely adopted, actively developed, and now governed by an independent foundation. It's not a flash in the pan — it's established infrastructure with enormous community momentum.
- The cautionary half: the security incidents (RCE CVEs, ClawHavoc's 1,184 malicious skills) are not theoretical. For traders running bots with live API keys and wallet access, the attack surface is real. Every skill you install can execute code on your machine.
The practical takeaway: OpenClaw is worth using, but audit every skill before installing it, never grant withdrawal permissions to API keys, isolate trading bots from other systems, and follow the hardening checklist. The explosive growth brought both genuine capability and genuine risk; treat both seriously.
What's next
With foundation governance in place, the focus shifts to maturing the security model (better skill sandboxing, signed skills, audit tooling) and stabilizing the API. For traders, the trajectory is encouraging — a maturing project with institutional backing — but the core security discipline remains your responsibility regardless of how the framework evolves. We'll update this roundup as 2026 progresses.
Frequently asked questions
Is OpenClaw safe to use for trading?
Yes, with discipline. The framework is established and foundation-governed, but security incidents (CVEs, malicious skills) are real. Audit every skill, never grant withdrawal permissions, follow the hardening checklist.
Who created OpenClaw?
Peter Steinberger, in late 2025 (originally as 'Clawdbot'). He joined OpenAI in February 2026; the project later transferred to an independent foundation.
What was ClawHavoc?
A February 2026 incident where 1,184 malicious skills were found in the community repository — capable of stealing keys or draining wallets. It underscores the need to audit skills.
Is OpenClaw really the most-starred GitHub repo?
As of April 2026, yes — 347K+ stars, surpassing the previous record holders. Extraordinary for a project under a year old.
Will OpenClaw stay independent?
The April 2026 transfer to an independent foundation was designed to ensure exactly that — community governance, not single-company control.
Sources cited: The Hacker News (CVE-2026-25253 disclosure, Feb 2026); Conscia 2026 OpenClaw Security Crisis advisory; Snyk ToxicSkills study; Cyber Press ClawHavoc reporting; Wall Street Journal Polymarket profitability analysis (May 2026); Andrey Sergeenkov via The Defiant (April 2026); Akey, Grégoire, Harvie & Martineau, SSRN paper (March 2026); openclaw.ai official advisories; Peter Steinberger public statements on X; OpenClaw GitHub repository and release notes; CVE databases; ClawHavoc security disclosures; foundation announcements.