ClawHosters ClawHosters
Subs -30% SUB30
OpenClaw v2026.3.22: 48-Hour Agent Sessions and a Public Plugin SDK
$ ./blog/news
News

OpenClaw v2026.3.22: 48-Hour Agent Sessions and a Public Plugin SDK

ClawHosters
ClawHosters by Daniel Samer
3 min read

OpenClaw v2026.3.22 shipped on March 23, 2026. It packs 242 commits from 70+ contributors, and if you run a ClawHosters instance, you probably care about two things most: your agents can now run for up to 48 hours, and the plugin ecosystem just got a proper SDK.

Agent Sessions That Actually Last

The old default timeout was 10 minutes. That's 600 seconds. If your agent was scraping data, running a multi-step research pipeline, or doing anything that took longer than a coffee break, it died. Silently. As Efficienist noted, sessions "silently died at the 600-second mark regardless of what they were doing."

The new default is 48 hours. That covers pretty much any agent workflow you'd run on a managed instance, from long automation chains to persistent ACP sessions.

On ClawHosters, this works out of the box. No config changes on your end.

Plugin SDK and ClawHub-First Installs

The old openclaw/extension-api is gone. In its place: a stable Plugin SDK at openclaw/plugin-sdk/* with documented, narrow imports. If you write plugins, this is the new surface area.

More relevant for most users, openclaw plugins install now checks ClawHub before npm. That's a supply-chain security win. ClawHub is curated. npm is, well, npm. The fallback still works if ClawHub doesn't have a package, but the default resolution order changed.

New Models, Old Names Gone

MiniMax M2.7 is now the default for the MiniMax provider. Claude is available natively through Vertex AI (provider ID: anthropic-vertex). If you've been wanting to run Claude without a direct Anthropic API key, that's your path.

And the MoltBot cleanup is finally done. All legacy MOLTBOT_* and CLAWDBOT_* environment variables are gone with no fallback. Self-hosters need to run openclaw doctor --fix if they still have old config. ClawHosters instances? Already handled. We migrated that config months ago.

15+ Security Fixes

This release closes more security gaps than a typical quarterly cycle. Metaverse Post confirmed fixes for proxy spoofing and admin scope escalation. The two worth knowing about: a Windows SMB credential leak via file:// URLs, and invisible Unicode padding in execution approval prompts. Both patched.

Gateway cold-start times also improved. WhatsApp-class boots went from tens of seconds back to single digits.

What ClawHosters Users Need to Do

Nothing. Managed instances auto-update. You get all 242 commits worth of improvements without touching a terminal. That's the point of managed hosting.

If you're curious about what OpenClaw is or want to explore further, check the docs.

Frequently Asked Questions

The default agent timeout went from 600 seconds (10 minutes) to 172,800 seconds (48 hours). This means long-running tasks, automation pipelines, and ACP sessions no longer terminate prematurely. On ClawHosters, this applies automatically.

No. ClawHosters managed instances receive updates automatically. You don't need to run any commands or change any configuration. The update rolls out as part of the regular update cycle.

If you're on ClawHosters, no. The platform migrated all legacy environment variables and state directories automatically. Self-hosters who still use `MOLTBOT_*` or `CLAWDBOT_*` variables should run `openclaw doctor --fix` to complete the migration.
*Last updated: March 2026*

Sources

  1. 1 v2026.3.22
  2. 2 Efficienist noted
  3. 3 Metaverse Post confirmed
  4. 4 managed hosting
  5. 5 docs
$ ./related --posts