Most post-mortems start with “we experienced some issues.” This one doesn’t. The OpenClaw founder’s own words: “That sucks. I’m sorry.” That’s the opening, and it sets the tone for what follows — a genuinely honest account of a week that went wrong, why it went wrong, and what’s actually changing as a result. No corporate softening. No passive voice. Worth reading if you run OpenClaw as infrastructure.
What Actually Broke
Trouble started around April 24th. By April 29th it was undeniable. Gateways slowed down. Some installs got stuck in plugin dependency repair loops — not stuck once, stuck in loops, which means startup was failing repeatedly and users had to intervene manually. Discord, Telegram, WhatsApp, and other channel integrations behaved worse than they should. People downgraded. Some lost meaningful time.
This wasn’t one bug. It was several things hitting at once. Plugin dependency repair was running in both startup and update paths. Bundled and external plugins were in a half-split state — partially moved out, not fully separated. ClawHub artifact metadata was still settling. Gateway cold paths did too much work on startup. Each one of those individually would have been manageable. All at once, compounding, meant a bad week for anyone running OpenClaw in production.
The Refactor That Created the Problem
The underlying goal was right. OpenClaw has been moving toward a smaller core: fewer bundled dependencies, cleaner plugin boundaries, better release hygiene, better security posture. The kind of boring infrastructure work that matters when people run something as actual infrastructure rather than a personal project.
Recent npm ecosystem supply-chain incidents made this feel urgent rather than optional. OpenClaw didn’t directly depend on Axios, but that’s not really the point — the risk was the shape of the dependency graph. Transitive packages. Install-time behavior. Postinstall scripts. Packages pulling packages pulling packages. That’s the attack surface that matters, and shrinking it is the right call.
The execution is where it went wrong. Channels, providers, heavy tools, parsers, and optional integrations started moving out of core. The plugin inventory now tracks what ships in core, what installs separately, and what requires a source checkout. But during the transition, OpenClaw ended up in the worst possible middle state: too much moved toward plugins, while too many plugins were still bundled, repaired, staged, checked, or dependency-loaded in the places users feel immediately. That’s the combination that produced the loops and the slowdowns.
The Structural Problem Behind the Technical One
The founder named something more uncomfortable than a bad release. OpenClaw was too founder-driven. Too much of the release work, review work, packaging, and support sat with one person. That’s fine for a personal project. It’s a liability when people run it as infrastructure.
Through the OpenClaw Foundation, and with help from OpenAI, a real team is being built around the project. That’s a meaningful structural change — not a staffing announcement, but an acknowledgment that the project’s current operating model doesn’t match the way people are actually using it.
Release cadence is also changing. An LTS release alongside faster update cycles is coming. For operators who need stability over features, that’s the right architecture. The current model — fast updates, one person reviewing — created the conditions for exactly this kind of incident.
What OpenClaw Is Doing Differently
The core keeps getting smaller. That direction isn’t changing — it’s the right call for security and maintainability. But the path has to be more careful. Plugin boundaries need to be clean before the move happens, not cleaned up during a live release. Dependency repair shouldn’t run in paths users feel at startup.
Better scanning, better release hygiene, clearer separation between what’s in core and what’s a plugin. These aren’t new priorities — they were already the stated direction. The difference is that the incident made the cost of getting the transition wrong concrete and visible. That kind of pressure tends to change how carefully the next steps get handled.
The post-mortem ends with something worth quoting directly: OpenClaw will keep getting more secure, it will get smaller, but it has to stay boringly reliable while that happens. Boringly reliable is the right target for infrastructure. The rough week was a reminder of what the cost of missing that target looks like for the people running it.
