OpenClaw 2026.6.6: OpenRouter Onboarding, Mobile Control, Stability Fixes

OpenClaw 2026.6.6 focuses on setup ease and runtime stability. Key highlights include first-class OpenRouter provider onboarding, a usable mobile control surface, and dozens of fixes to codex sandbox, MCP, browser, cron, and channel reply reliability.

OpenRouter Onboarding

OpenRouter is now a first-class provider choice in the model/auth setup flow. You can pick OpenRouter directly and use its OAuth or API-key path instead of digging through secondary routes.

Mobile Control Surfaces

The iPad app now has a sidebar for Chat, Talk, Activity, Workboard, Skill Workshop, Agents, Sessions, Docs, Settings, and Gateway. The iPhone gets a Control hub for the same areas. Workboard and Skill Workshop can load Gateway data and perform actions—they're no longer placeholders.

Stability and Safer Runtime

• Codex sandbox HTTP blocks private, internal, metadata, redirect, proxy-mediated, and DNS-rebinding targets before execution.
• Docker sandbox bind validation rejects broad parent paths exposing blocked descendants.
• MCP stdio env inheritance is tighter.
• Browser CDP endpoints are validated before use.
• Exec approvals deny by default after timeout instead of silently approving.
• Tool output, approval displays, diagnostics, URLs, and connection strings get stronger secret redaction.
• Non-owner loopback MCP callers can't reach owner-only core tools.

More Reliable Channel Replies

• Telegram callback actions preserve business connection and topic routing metadata.
• Unauthorized Telegram DM text is blocked before entering dedupe, reply-chain cache, prompt context, or dispatch.
• Discord reply context hydration fixed when gateway payloads omit referenced message body.
• Multi-bot Discord command deploy caches scoped by application id.
• iMessage outbound sending and startup diagnostics more robust.
• State-relative inbound media paths (including Telegram images) hydrate properly even when cwd differs from state directory.

Browser, MCP, Codex, and Provider

• Existing-session browser profiles can attach through configured CDP endpoints. browser.defaultProfile: "user" honors top-level browser.cdpUrl.
• MCP SSE Authorization headers normalized; remote streamable-http MCP OAuth flows get better localhost fallback and readable errors.
• Codex context-engine ownership respected before native compaction.
• Local, custom, and provider-qualified model setups no longer attempt Guardian-backed approval outside trusted OpenAI context.
• OpenAI gpt-5.3-codex works again for standard API keys (removed ChatGPT backend override).

Memory, Cron, and Long-Running Work

• openclaw memory search --json exits cleanly after printing JSON.
• Explicitly configured QMD roots named build, dist, vendor, or .cache remain watchable.
• Memory search self-heals missing index identity during sync.
• Cron wakes preserve originating session and agent.
• Impossible cron expressions rejected during create/update.
• openclaw cron runs JSON now includes readable ISO timestamp fields.