OpenClaw v2026.6.1: Skill Workshop, SQLite State, and the End of May's Chaos

🤖 Ghostwritten by Claude Opus 4.6 · Fact-checked & edited by GPT 5.4

OpenClaw v2026.6.1, released on June 3, 2026, is the clearest answer yet to the problems that defined May: instability across channels, risky skill creation, and poor visibility into what an agent had installed. The release's four most important changes are tightly connected to those failures: a review-first Skill Workshop, an operator-install-policy that replaces the old dangerous-code scanner, SQLite-backed state for iMessage monitors and plugin-install ledgers, and broader channel stability alongside new MiniMax M3 support.

For operators, this is not a cosmetic update. It changes how reusable skills are created, how installations are governed, and how state should be backed up and inspected. The practical takeaway is straightforward: verify you're on v2026.6.1, back up the SQLite database, and review your install policy before treating the upgrade as complete.

Skill Workshop Matures Into a Review-First System

TL;DR: New skills now begin as a PROPOSAL.md and move through a full Control UI review flow before they become trusted and executable.

The biggest governance change in v2026.6.1 is the maturation of the Skill Workshop. Instead of treating a newly created skill as implicitly trustworthy, OpenClaw now treats it as a proposal that must be reviewed first.

That shift matters because it changes the default trust model. A reusable skill is no longer something that quietly appears and becomes available to run. It starts as a PROPOSAL.md, surfaces in the Control UI, and only becomes executable after explicit approval.

In practice, the new lifecycle looks like this:

1. Proposal creation — A new skill starts as PROPOSAL.md rather than a trusted live skill.
2. Control UI review — The proposal appears as a pending item for operator review.
3. Approval or rejection — The operator evaluates the skill before it is trusted.
4. Execution only after trust — The skill becomes runnable only after approval.

This is the right response to May's problems. When operators were dealing with unstable behavior and unclear boundaries, the old model made it too easy for capability changes to slip through without enough scrutiny. The new flow makes skill creation slower by design, but also safer and easier to audit.

After upgrading, it is worth reviewing how your team handles approvals. Every new skill should be treated as a reviewable proposal, not as an automatic extension of the agent's capabilities.

Operator-Install-Policy Replaces the Dangerous-Code Scanner

TL;DR: OpenClaw replaced scan-after-install behavior with a policy-before-install model, giving operators a stronger security boundary.

The second major change is the replacement of the old dangerous-code scanner with an operator-install-policy. That is more than a rename. It is a change in security posture.

The previous scanner model was reactive: code could be installed first and examined afterward. v2026.6.1 moves that decision point earlier. With operator-install-policy, the operator defines what is allowed before installation happens.

Aspect	Old approach: dangerous-code scanner	New approach: operator-install-policy
Enforcement point	After installation	Before installation
Security posture	Reactive	Preventive
Operator role	Review scan output	Define policy boundaries
Primary artifact	Scanner results	Install policy + ledger history

That change directly addresses one of the release's core themes: reducing risk before code lands on the system. The practical recommendation is to start with a restrictive policy and expand only when there is a clear reason to do so.

A good upgrade review should include three questions:

• Which plugin sources are explicitly allowed?
• Which capabilities should require tighter scrutiny?
• Who is responsible for changing the policy over time?

The release makes it easier to answer those questions in advance instead of after an installation has already happened.

SQLite State Changes Backup and Inspection Workflows

TL;DR: State for iMessage monitors and plugin-install ledgers now lives in SQLite, so backup and inspection should focus on the database rather than scattered flat files.

OpenClaw v2026.6.1 moves state for iMessage monitors and plugin-install ledgers into SQLite. That is one of the most operationally important changes in the release because it affects both observability and backup strategy.

The immediate benefit is clearer inspection. Instead of piecing together state from multiple flat files, operators now have a structured, queryable record for two important areas:

• iMessage monitor state
• Plugin-install ledgers

The ledger change is especially useful because it improves visibility into what the agent has installed and gives operators a more coherent history to inspect.

It also changes backup expectations. Backing up "state" now means backing up the SQLite database, not just copying configuration files and hoping the important history is captured elsewhere. If your old process focused on flat files alone, it is incomplete after this upgrade.

A simple, consistent approach is to create a database backup directly with SQLite tooling, for example:

sqlite3 your-database.db ".backup backup.db"

That matters for more than disaster recovery. If install history is part of your governance model, losing the database means losing the audit trail this release was designed to improve.

Stability Improves Across Channels, With New MiniMax M3 Support

TL;DR: v2026.6.1 broadens channel stability and adds MiniMax M3 as a newly supported model option, but M3 should be treated cautiously until weights are released and claims are independently validated.

Not every important improvement in this release is a governance feature. v2026.6.1 also targets the reliability issues that made May unusually chaotic, with broader channel stability work intended to reduce the operational friction operators were seeing.

That stability work is paired with support for MiniMax M3, announced on June 1, 2026. In OpenClaw, the important point is support status: M3 is now a newly supported model option.

The caveat is just as important. MiniMax described M3 with ambitious claims around coding performance, a 1 million token context window, and native multimodality on MiniMax Sparse Attention, but those benchmarks are company-reported and unverified. In addition, the model weights were not released at launch and were promised within roughly 10 days.

So the right framing is simple: M3 is a new option in the stack, not a proven best-in-class default. It is worth watching, but not worth overselling.

Upgrade Checklist for v2026.6.1

TL;DR: Confirm the version, back up the SQLite database, and review your install policy before calling the upgrade finished.

Use this checklist before and after rollout:

• Verify the version. Confirm you are running v2026.6.1 stable rather than a nightly or pre-release build.
• Back up the SQLite state. The key change is database-backed state, so back up the SQLite database itself.
• Review your install policy. Set a restrictive operator-install-policy first, then loosen it only where necessary.
• Review new skill proposals carefully. Treat every new skill as a proposal that must be approved before trust is granted.
• Check channel behavior after upgrade. Validate that monitored channels are stable and behaving as expected.

Frequently Asked Questions

Q: What is the biggest operational change in v2026.6.1?

The biggest operational change is the combination of review-first skill creation and policy-before-install controls. Together, they move OpenClaw away from implicit trust and toward explicit operator approval.

Q: What should operators back up after upgrading?

Back up the SQLite database that now stores state for iMessage monitors and plugin-install ledgers. This release changes backup scope: protecting flat files alone is no longer enough.

Q: Why does the operator-install-policy matter more than the old scanner?

Because it changes when enforcement happens. A scanner that runs after installation can still surface useful information, but a policy that blocks installation before it happens is a stronger control.

Q: Is MiniMax M3 the main reason to upgrade?

No. M3 support is notable, but the stronger reasons to upgrade are the governance and stability improvements: Skill Workshop review flow, operator-install-policy, SQLite-backed ledgers, and broader channel reliability.

Q: How should teams treat new skills after this release?

As proposals, not trusted capabilities. The point of the PROPOSAL.md flow is to make review explicit, so teams should define who approves skills and what standards those approvals require.

Key Takeaways

• OpenClaw v2026.6.1 released on June 3, 2026 and serves as a direct response to May's instability, risky skill behavior, and weak install visibility.
• Skill Workshop is now review-first. New skills begin as PROPOSAL.md and move through the Control UI before they are trusted.
• Operator-install-policy replaces the dangerous-code scanner. The model has shifted from scanning after installation to enforcing policy before installation.
• SQLite now backs iMessage monitor state and plugin-install ledgers. Backup procedures should focus on the database, not only flat files.
• MiniMax M3 is a newly supported model option. It should be treated as supported but not yet independently validated.

Conclusion

OpenClaw v2026.6.1 stands out because it turns May's pain points into concrete operational controls. The release does not just add features; it changes defaults around trust, installation, and state management. For operators who want a more stable and governable OpenClaw setup, that is the real story of this release.