OpenClaw merged PR #96506, "fix(plugins): stop ClawHub version install from inheriting latest compatibility", a small-looking plugin installer fix with real consequences for production operators.
The bug showed up when an operator tried to install a specific older version of a ClawHub plugin. The command named the version explicitly, but OpenClaw still evaluated the latest plugin release's compatibility requirement. That meant an older gateway could be blocked by the newest plugin metadata even when the requested historical plugin version should have matched the older host.
For teams pinning OpenClaw versions in Kubernetes, OpenShift, or other controlled environments, that is exactly the kind of failure that turns a routine install into an upgrade pressure point.
The Versioning Gap
The PR uses the Anthropic Vertex provider as the motivating example. An operator running an OpenClaw gateway pinned to 2026.6.8 attempted to install the matching @2026.6.8 provider plugin from ClawHub. Instead of checking the compatibility attached to that version, the install path inherited the latest plugin version's runtime requirement and rejected the install.
That is not how version pinning is supposed to work. If a package registry exposes multiple versions, the compatibility check needs to follow the selected version, not the newest one.
The failure mode matters because provider plugins are often part of carefully managed runtime stacks. A team might pin the gateway, model provider, and deployment image together for stability. If ClawHub installs silently drift toward latest metadata, the operator loses one of the main benefits of pinning.
What Changed
The patch keeps compatibility resolution attached to the exact ClawHub plugin version that OpenClaw is installing. The PR changes only two files, but adds more than 200 lines of focused installer coverage around the versioned path.
The practical behavior is straightforward:
- Installing an explicit plugin version checks that version's metadata.
- The latest plugin version no longer shadows older version compatibility.
- Operators can keep a gateway on a stable OpenClaw version while installing a matching provider plugin.
- ClawHub still enforces compatibility; it just enforces the right compatibility record.
That distinction is important. This is not a weakening of plugin safety. It is a correction to make the safety check precise.
Why Operators Should Care
OpenClaw's plugin ecosystem has been moving quickly, especially around model providers and ClawHub-distributed runtime extensions. Fast-moving marketplaces are useful, but production operators also need rollback and pinning semantics they can trust.
Versioned installs are part of that contract. If a new provider plugin release requires a newer OpenClaw runtime, older installations should not be forced forward unless the operator chooses to move. At the same time, OpenClaw should still prevent a truly incompatible plugin from being installed.
PR #96506 puts that boundary back where users expect it: on the version they asked for.
Bottom Line
This is a maintenance fix, but it lands in a high-value part of the OpenClaw stack. ClawHub is becoming a real distribution channel for provider plugins and operational tooling. That means version pinning has to behave like infrastructure, not like a best-effort convenience.
With PR #96506 merged, pinned ClawHub plugin installs should be less surprising for teams running stable OpenClaw gateways.