If you’re a creator relying on Lobster’s agent ecosystem for your daily workflow, this update is a double-edged sword: it offers unprecedented automation but demands immediate technical vigilance to avoid breaking your existing tools.
Good morning, shrimp farmers! I’ve been tracking the rapid-fire releases from Shrimp Father Peter, and nine days after the last drop, he has unveiled version 2026.3.22-beta.1.
The changelog is so dense it’s arguably the largest in the product’s history—you’ll need to scroll with your trackpad and mouse wheel for a while just to finish reading.
First, let’s tell you the most critical point: Lobster can now update itself. This shifts some maintenance friction away from manual downloads, but introduces new dependency considerations.
I think self-updates reduce downtime but may unexpectedly break custom plugin workflows if not carefully managed.
Returning to the update highlights, here is an overview of what changed:
- Plugin Upgrade: The legacy
openclaw/extension-apihas been completely removed with no compatibility shims provided. All plugins now uniformly use the newopenclaw/plugin-sdk/*. Installation priority is ClawHub; only if not found there should you turn to npm. - Model Updates: New additions include MiniMax M2.7, GPT-5.4-mini/nano, and default modes for agent “Thinking/Reasoning/Fast.”
- Interaction Optimization: Added
/btwfor quick Q&A, supporting instant questions without tool calls, which does not affect future sessions; the terminal UI can be disabled, allowing BTW replies to display on external channels. - Security: Core SSH sandbox is now live, supporting key/certificate/known_hosts verification, while OpenShell focuses on sandbox lifecycle management.
Additionally, Lobster has optimized security, UI, Android mobile support, and social media integration. Let’s take a closer look at the technical shifts that matter most to our desk.
Plugin Updates
To enhance plugin distribution security and development standards, OpenClaw has made significant optimizations to the plugin installation mechanism and development interfaces:
Beyond unifying plugins under ClawHub and removing the old openclaw/extension-api, bundled plugins must now perform host-side operations through injected runtimes (e.g., api.runtime.agent.runEmbeddedPiAgent).
All direct imports must point to the streamlined openclaw/plugin-sdk/* subpaths; full imports from the monolithic SDK root directory are prohibited.
Furthermore, the new Matrix plugin is now directly supported by the official matrix-js-sdk, bringing more reliable protocol compatibility and encryption performance.
For creators, forcing ClawHub as the primary source limits your ability to use niche or private plugins hosted elsewhere.
Security Updates
In this update, Lobster has further strengthened identity verification and execution auditing.
The new version adds native SSH sandbox support, meaning you can now use keys, certificates, and known_hosts for fine-grained authentication.
The original shared remote execution and file system tools have been formally moved into the Core Library, while OpenShell focuses more on sandbox lifecycle management and optional Mirror mode.
In the exec approval process, the system can now automatically identify scheduling wrappers like time. When executing a time … command, the approval logic penetrates the path to bind directly to the internal executable.
Architecturally, the new version introduces a pluggable backend design. The sandbox runtime officially supports pluggable backends, allowing seamless switching between mirror mode and remote workspace mode.
In terms of deployment, the config set command now supports SecretRef (secret references), JSON batch assignment, and provides a structured output --dry-run validation mode, making configuration deployment safer and more intuitive.
Notably, the new version of Lobster will refuse to install remote plugin manifests that attempt to operate outside the official clone market repository (such as external Git, HTTP, or absolute paths).
On licensing, blocking external Git and HTTP sources protects users but stifles rapid experimentation with unvetted community tools.
Streamlining the Stack: Efficiency and Model Syncs
The real story here isn’t just code; it’s about who gets to keep their workflow intact when systems get complex. When a prompt exceeds limits, Lobster now uses a Compact Directory Fallback instead of discarding data violently. This prioritizes retaining registered skill entries, ensuring your hard-coded logic doesn’t vanish into the void.
I think losing context means losing hours of setup time for power users.
To keep things smooth, automatic compaction notifications bypass text-to-speech (TTS) and don’t break thread relationships. Plugins can also dynamically adjust context formats based on the incoming modelId, ensuring smaller models get inputs they can actually handle.
For rooms with low activity, idle Agent Control Plane (ACP) bindings now expire correctly, saving server resources without premature focus refreshes. If a gateway restarts causes message storms, inbound event persistence deduplication ensures old messages aren’t replayed as new ones. Unseen events are still resent, keeping your history accurate but clean.
For creators, silent system noise disrupts creative flow more than visible errors do.
Model Agnosticism and Vendor Lock-in Risks
This release syncs mainstream libraries with aggressive forward compatibility. Native support now includes gpt-5.4-mini and gpt-5.4-nano. OpenAI’s defaults have officially shifted to gpt-5.4, centralizing chat, image, voice, and embeddings into a shared module for seamless future upgrades.
The MiniMax family has evolved from M2.5 to M2.7, with new high-speed variants like MiniMax M2.7-highspeed. The /fast command now maps directly to these speed modes. Bundled API and OAuth plugins are merged here too, simplifying the configuration burden for developers.
On licensing, simplified config is good, but vendor default shifts can break existing pipelines overnight.
Zhipu aligns with GLM 4.5/4.6, covering multimodal entries and token billing. Grok syncs to latest Pi support IDs for /fast routing, while Mistral metadata updates ensure transparent usage stats. GitHub Copilot now supports dynamic model ID compatibility, allowing new official releases without code changes.
Agents can independently set “Thinking / Fast / Reasoning” modes; unsupported models fall back to optimal defaults automatically. This flexibility is crucial as the model landscape fractures further.
I think dynamic compatibility reduces maintenance debt for teams managing multiple agents.
UI Control and Platform Fragmentation
The interface gains a “Roundness” slider, letting users choose between “hardcore right angles” and “rounded curves.” Chat bubbles now feature an “Expand to Canvas” function for complex tasks, while the usage overview removes redundant placeholder cards for cleaner data display.
Mobile support includes system-level dark mode. Android nodes can now search SMS and call logs, with an optimized TTS architecture that keeps keys on the gateway side for better security.
For creators, visual customization is nice, but security-focused key management protects creator accounts.
Platform integrations deepen significantly. Feishu (Lark) supports viewing/editing messages, pinning, and group member lists. Telegram allows custom Bot API endpoints, auto-generated forum tags, and silent error replies. Matrix adds allowBots and allowPrivateNetwork options for internal server connections.
Documentation now lists community versions for DingTalk, QQbot, and Wecom plugins, alongside updated Zalo channel guides. This expansion helps creators reach fragmented audiences but increases the testing surface area.
Critical Security Patches and Performance Overhaul
The creative stack just got a lot safer, but the friction of maintaining integrations remains high. This update isn’t just about shiny new features; it’s a defensive maneuver against security vulnerabilities that could expose Windows passwords or allow command spoofing. I read through the release notes, and what stood out to me was how they’ve intercepted malicious input before file paths load on Windows, while also patching iOS pairing code abuse and macOS Unicode hiding issues.
On licensing, security patches protect your data but often break existing workflows overnight.
Beyond security, the performance gains are tangible: cold start times have plummeted from minutes to seconds. Code recompilation no longer repeats unnecessarily, plugins now use lazy loading, and the main model warms up at startup. This significantly improves the daily experience for anyone waiting on their AI assistant to wake up.
Model compatibility has also been strengthened. OpenAI and third-party large models will no longer error out due to field or duplicate ID issues. OpenRouter can now properly handle vision models, and Exa search supports more content extraction with higher result limits. These are the backend improvements that keep our tools from crashing mid-task.
I think smoother model integration means less time debugging API errors and more time creating.
Social channel experiences have seen obvious optimization as well. Telegram replies are now stable and won’t disappear when parent messages are deleted. Feishu bots support viewing, editing, pinning messages, and group member management. WhatsApp no longer reprocesses old messages after reconnecting, which should reduce noise in busy channels.
Mobile and console experiences are smoother too. Android fixes memory leaks and dark mode adaptation issues, while multi-gateway settings achieve isolation, making operations safer and more reliable for mobile creators on the go.
Platform Maturity vs. Integration Friction
Many netizens expressed satisfaction with this update, especially regarding the plugin market. This release makes Lobster feel more like a true platform rather than just another interface.
ClawHub and sandbox features are also highlights long awaited by users. These tools promise better isolation and easier distribution, which is crucial for the ecosystem’s growth.
Some netizens found this release impressive, but the real difficulty lies not in the “volume of updates,” but in OpenClaw becoming easier to extend, easier to install, and easier to connect tools. This shift from complexity to accessibility is what will determine if creators actually adopt these new capabilities.
Of course, many users discovered after updating: “WhatsApp doesn’t work anymore?” The transition period is always messy when core integrations are rewritten.
For domestic users, WeChat seems to have encountered issues as well. The ecosystem’s reliance on specific regional platforms creates unique fragility points during major updates.
Netizen Lin Yi LYi found that the ClawBot plugin for WeChat crashed directly after updating, and was prompted by OpenClaw officials with “WARNING: Dangerous Code Patterns.” This suggests a clash between new security standards and existing third-party code structures.
Does this mean Lobster’s official WeChat plugin only survived one weekend? It raises a critical question about the sustainability of maintaining niche integrations in a rapidly evolving security landscape.
For creators, relying on unofficial plugins for key platforms is becoming an unsustainable risk.
The Fine Print Behind the Lobster Upgrade
References
I’ve compiled these sources for those who want to dig into the technical details and follow the official channels directly.
Comments
Sign in to join the discussion and leave a comment.
Sign in with Google