OpenClaw 4.2 Released: Introducing Persistent Taskflows and Multiple Security Enhancements
In the past three days, the open-source AI agent framework OpenClaw has rapidly released versions v3.31, v4.1, and v4.2, covering a wide range of updates from feature refactoring and breaking changes to large-scale security hardening. These updates aim to enhance the platform’s reliability, security, and user experience, with the refactoring of the task management system and the comprehensive tightening of security policies having a particularly profound impact on developers and general users.
Core Feature Refactoring: Introducing a Persistent Taskflow System
OpenClaw 4.2 completely overhauls the background task system, replacing the previously fragmented task management approach with a unified “taskflow” ledger backed by an SQLite database. Previously, background processes like ACP tasks, scheduled tasks, and sub-agent tasks ran independently, lacking a unified monitoring and management view, which made debugging and troubleshooting complex automation flows difficult.
The advantages of the new system are reflected in several areas:
- Unified Monitoring: Users can now enter the
/tasks command in a chat session to view the real-time status of all background tasks associated with the current session.
- Transparent Blocking: When a task is blocked, its parent session will clearly display the reason for the blockage, eliminating the need for users to guess the root of the problem.
- Graceful Termination: Task cancellation is now much smoother. The system waits for sub-tasks to complete their current active work units before fully stopping, preventing state inconsistency issues caused by abrupt interruptions.
This improvement marks a significant step for OpenClaw towards maturity in handling complex, long-running automation workflows, providing a solid foundation for building more reliable AI Agent applications.
Comprehensive Security Upgrade: From Plugin Installation to Command Execution
This series of updates prioritizes security, implementing several strict hardening measures to address the growing risks in the AI supply chain.
- Plugin Installation Auditing: The framework now includes a built-in malicious code scanner. When installing a plugin, if the scan detects serious security issues, the installation will fail by default. Users must explicitly add the
--dangerously-force-unsafe-install flag to force the installation. This measure aims to prevent third-party plugins containing malicious code, a response to findings by Cisco’s AI security research team, which discovered data exfiltration and prompt injection risks in third-party OpenClaw skills.
- Stricter Command Execution Permissions:
- Separation of Node Pairing and Authorization: Devices no longer automatically gain command execution privileges after completing node pairing. The relevant command functions are only enabled after the pairing request has been explicitly approved, effectively preventing privilege escalation attacks that exploit the pairing process.
- Strict Environment Variable Filtering: In the shell execution environment, sensitive environment variables from the request scope (such as the Python package index
PIP_INDEX_URL or the Docker endpoint DOCKER_HOST) are strictly blocked. This closes off a supply chain attack vector where dependencies could be redirected to malicious sources via environment variable injection.
- Explicit Executor Behavior: The behavior of
tools.exec.host=auto has been changed to be a pure routing flag. If the configuration specifies a sandbox but the sandbox environment is not available, the task will now fail immediately instead of silently falling back to execution in a non-sandboxed environment. This prevents an unexpected failure of security isolation.

Breaking Changes and Configuration Migration
The version upgrades introduce two major breaking changes, primarily affecting users of the xAI search and Firecrawl web scraping features. The corresponding configuration paths have been completely changed:
- xAI Search: Configuration must be migrated from
tools.web.x_search.* to plugins.entries.xai.config.xSearch.*.
- Firecrawl Web Scraping: Configuration must be migrated from
tools.web.fetch.firecrawl.* to plugins.entries.firecrawl.config.webFetch.*.
To simplify the migration process, users can run the openclaw doctor --fix command, which will automatically detect and correct outdated configuration files. However, any scenarios with hardcoded old paths in automation scripts or CI/CD pipelines will still require manual updates.
Platform Experience Optimizations and Gateway Authentication Adjustments
In addition to the core functional changes, the new version also brings experience optimizations for several integrated platforms:
- Slack: Support for approving command execution workflows directly within the Slack interface.
- Matrix: Streaming responses now update within the same message instead of sending a new message for each data chunk.
- Android: Supports invoking OpenClaw directly from the voice assistant through integration with Google Assistant App Actions.
- LINE/QQ Bot: Official binding plugin support has been added.
For self-hosted users, the trusted-proxy mode authentication policy for the gateway has also been tightened. It no longer allows mixed configurations with shared tokens and revokes the implicit trust for local loopback calls. All connections must now provide an explicitly configured authentication token.