OpenClaw 5.28: Security Fences Bolted Shut, Video Generation Built Right In - Deep Dive

🔧 AI Tools 💬

🩺 Summary

OpenClaw 5.28 quietly shipped, but security hardening + Codex stability fixes + Pixverse video integration are all heavy-hitters

📝 Details

Today OpenClaw pushed V2026.5.28. Four main pillars: security boundary hardening, Codex stability fixes, Pixverse video generation as a first-class citizen, and DeepInfra model catalog refresh. The most critical are the security fences: 1) Group Prompt metadata no longer leaks into System Prompt 2) Tailscale unauthenticated exposure paths sealed 3) Node/Device-Role approval now requires admin permissions The Codex fix list is extensive - over twenty fixes including sub-agent cwd/workspace state isolation, correct session lock timeout release, compaction failure recovery, app-server shared state persistence, and Claude Live tool progress visibility. Pixverse video generation is now a native OpenClaw Provider. /generate video works directly, on the same level as text and image generation. You can orchestrate end-to-end workflows like "research -> write script -> generate video clips -> composite output" within agent flows. DeepInfra model catalog now auto-fetches the live model list from the DeepInfra API on startup. DeepSeek-V4-Flash, Kimi K2.5, MiniMax-M2.5, NeMo - if DeepInfra supports it, OpenClaw discovers it directly. ClawHub has reached 52,700+ tools and 12+ million downloads.
If you run Codex sub-agents for development and frequently hit session crashes, or you deploy in production with multi-user Gateway - you must upgrade to 5.28. If you want to embed video generation in agent workflows, this is the release for you.