Plaintext API keys in config files are still the number one misconfiguration risk for self-hosted OpenClaw instances. SecurityScorecard's scan found over 40,000 exposed instances with credentials sitting in readable YAML. OpenClaw v2026.2.26, released February 27 by 45 contributors and led by @steipete, tackles that problem head-on with a proper secrets management CLI. But that's not the only thing worth paying attention to.
Secrets Management: openclaw secrets
The new openclaw secrets CLI gives you four commands: audit, configure, apply, and reload. You can now store API keys and credentials outside your config files entirely, with runtime snapshot activation so secrets only become live after an explicit apply. Strict target-path validation prevents secrets from being written anywhere they shouldn't be.
If you've been following the v2026.2.25 security release, this is the logical next step. That release patched how attackers get in. This one makes sure there's less to steal if they do.
For self-hosters, run openclaw secrets audit on your instance. You'll probably find credentials that shouldn't be where they are.
Thread-Bound ACP Agents
Agent Communication Protocol agents are now first-class runtimes tied to thread sessions. That sounds abstract, so here's what it means in practice: you can spawn agents, dispatch messages to them, and control their lifecycle per-thread. Startup reconciliation handles the messy case where your server restarts mid-conversation. Coalesced thread replies keep multi-agent responses from flooding your chat.
This is the kind of infrastructure change that makes multi-agent setups actually reliable in production instead of a demo you show once and pray.
Agent Routing CLI
There are three new CLI commands for managing agent routes: openclaw agents bindings, openclaw agents bind, and openclaw agents unbind. Routes are account-scoped, so different users can have different agent configurations on the same instance.
If you run multiple agents and found yourself editing YAML every time you wanted to change which agent handles what, this replaces that workflow.
Everything Else
IPv6 multicast addresses are now properly classified as private targets for SSRF protection. The DM allowlist inherits at runtime. Delivery queue recovery got smarter backoff logic. Gemini OAuth aligns with Google's latest spec changes. And Codex moved to WebSocket-first transport. The full release notes list 7+ security fix categories on top of the headline features.
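To see why multicast needs its own rule in an SSRF filter, here is an added Python example (not OpenClaw's code; the function names and sample addresses are constructed for illustration). It compares a check that relies only on the standard library's private/loopback/link-local flags with one that also refuses multicast, and it unwraps IPv4-mapped IPv6 addresses before classifying.

```python
import ipaddress


def naive_is_internal(addr: str) -> bool:
    """Incomplete check: private, loopback and link-local ranges only."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_loopback or ip.is_link_local


def is_blocked_target(addr: str) -> bool:
    """Return True if an outbound request to this IP literal must be refused."""
    try:
        # Accept the bracketed form used in URLs, e.g. [ff02::1]
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        # Not an IP literal: fail closed. Hostnames must be resolved first
        # and every resolved address passed through this function.
        return True
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 rules apply.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (
        ip.is_private
        or ip.is_loopback
        or ip.is_link_local
        or ip.is_multicast    # ff00::/8 and 224.0.0.0/4
        or ip.is_unspecified
        or ip.is_reserved
    )


# Constructed sample targets, not taken from the release notes.
SAMPLES = [
    "ff02::1",               # IPv6 all-nodes multicast
    "[ff05::2]",             # IPv6 site-local all-routers, bracketed
    "224.0.0.251",           # IPv4 multicast (mDNS)
    "::ffff:224.0.0.1",      # IPv4 multicast wrapped in IPv6
    "fd12:3456:789a::1",     # IPv6 unique local address
    "2606:4700:4700::1111",  # public IPv6 address
    "8.8.8.8",               # public IPv4 address
]


def classify(samples):
    """Map each sample address to its blocked / allowed decision."""
    return {s: is_blocked_target(s) for s in samples}


if __name__ == "__main__":
    for target, blocked in classify(SAMPLES).items():
        print(f"{target:24} {'BLOCK' if blocked else 'allow'}")
```

The naive check lets ff02::1 through because ff00::/8 is not part of the ranges Python's is_private covers, which is the class of gap this fix closes.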
What This Means for ClawHosters Customers
Already done. If you're on a managed ClawHosters plan, your instance is running v2026.2.26. No YAML editing, no manual secret rotation, no downtime. That's what managed hosting is for.
Self-hosters should update and run openclaw secrets audit as a first step. The secrets CLI alone makes this release worth the upgrade.