This was the week OpenClaw went from open-source phenomenon to enterprise infrastructure story. NVIDIA unveiled NemoClaw at GTC, a security and runtime wrapper designed to make OpenClaw agents safe enough for corporate deployment. Tencent shipped ClawBot, embedding OpenClaw directly into WeChat for 1.4 billion users. And the core project itself dropped v2026.3.22 with 48-hour agent sessions, production-ready secrets management, and a batch of security fixes. Here is everything that matters for enterprise teams this week in OpenClaw Weekly.
NVIDIA NemoClaw: The Enterprise Security Layer OpenClaw Needed
At GTC on March 16, NVIDIA announced NemoClaw, an enterprise-grade wrapper that installs OpenShell sandboxing, policy-based guardrails, and a privacy router on top of a standard OpenClaw deployment in a single command. Jensen Huang called OpenClaw “definitely the next ChatGPT” during the keynote.
NemoClaw bundles Nemotron models for local inference on DGX Station and DGX Spark, creating a fully self-contained agent stack that keeps sensitive data off the public internet. The privacy router manages the boundary between local and cloud models, letting organizations define exactly what data leaves the perimeter.
For enterprise teams that have been watching OpenClaw’s security track record with concern (9+ CVEs in two months, 30,000+ exposed instances, a supply-chain poisoning campaign that hit 1,184+ skills), NemoClaw is NVIDIA’s bet that the answer is not to abandon OpenClaw, but to wrap it in infrastructure-grade controls. It is in early preview and not production-ready, but the direction is clear.
Tencent Puts OpenClaw in WeChat for 1.4 Billion Users
Tencent launched ClawBot, a plugin that embeds OpenClaw agents directly into WeChat. This is the single largest distribution event in OpenClaw’s history: WeChat has 1.4 billion monthly active users.
Alongside ClawBot, Tencent rolled out QClaw for individual users, Lighthouse for developers, and WorkBuddy for enterprise teams. The suite positions Tencent as the first hyperscaler to ship a fully integrated OpenClaw experience across consumer, developer, and enterprise tiers in a single platform.
The enterprise implications are significant. WeChat is already the dominant workplace messaging tool in China. Adding autonomous AI agents to that surface means millions of knowledge workers will have their first interaction with agentic AI through a platform they already use daily, not through a terminal or IDE.
v2026.3.22: 48-Hour Sessions, New Default Model, and Breaking Changes
OpenClaw v2026.3.22 shipped on March 22 with several significant changes:
- 48-hour agent sessions: The default timeout jumped from 10 minutes to 48 hours, fixing long-running sessions that were silently dying at the 600-second mark. This is the change that makes OpenClaw viable for complex, multi-step workflows that take hours to complete.
- MiniMax M2.7 as the default model: Replaces M2.5. Claude via Google Vertex AI is also now natively supported.
- First-party web search: Exa, Tavily, and Firecrawl bundled as built-in plugins, eliminating the need for community skill installs for common search tasks.
- SecretRef production-ready: Secrets management now covers 64 credential targets with eager resolution, fail-fast on unresolved refs, and atomic-swap reloads. Credentials no longer need to sit in plaintext configuration.
- Performance: Cold-start times reduced significantly through lazy-loading. WhatsApp gateway boots dropped from tens of seconds to single digits.
Breaking Changes to Note
Teams running OpenClaw in production should review two breaking changes carefully. Plugin installation now prefers ClawHub over npm for npm-safe package names; this shifts the ecosystem’s center of gravity toward ClawHub as the canonical registry. And all CLAWDBOT_* and MOLTBOT_* environment variables are deprecated in favor of OPENCLAW_* equivalents, completing the brand cleanup. Run openclaw doctor --fix to migrate.
Security: Patches, Bans, and Persistent Exposure
The v2026.3.22 release patches a Windows flaw that allowed remote file:// URLs to trigger outbound SMB credential handshakes, invisible Unicode padding that could hide text in exec approval prompts, and gaps in device pairing and webhook authentication.
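For deployers who surface agent commands to a human approver, the invisible-padding fix above points to a check worth running on any prompt text before it is displayed. The following is an added example, not OpenClaw's code or its actual fix; the function names, the 8-space run threshold and the sample strings are assumptions constructed for illustration.

```javascript
// Added example (not OpenClaw code): flag invisible or padding characters in
// text that is about to be shown in an approval prompt.
const INVISIBLE = /[\p{Cf}\p{Default_Ignorable_Code_Point}\p{Zl}\p{Zp}]/u;
const ODD_SPACE = /\p{Zs}/u;   // space separators; plain U+0020 is handled separately
const MAX_SPACE_RUN = 8;       // assumed threshold for padding built from plain spaces

function codePointLabel(ch) {
  return "<U+" + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0") + ">";
}

// Returns { safe, findings, rendered }; `rendered` makes every hidden character visible.
function inspectPromptText(text) {
  const findings = [];
  let rendered = "";
  let spaceRun = 0;
  let offset = 0;                          // UTF-16 offset into `text`
  for (const ch of text) {                 // iterates by code point, not UTF-16 unit
    if (ch === " ") {
      spaceRun += 1;
      if (spaceRun === MAX_SPACE_RUN + 1) {
        findings.push({ offset: offset - MAX_SPACE_RUN, kind: "space-run" });
      }
      rendered += ch;
    } else {
      spaceRun = 0;
      if (INVISIBLE.test(ch) || ODD_SPACE.test(ch)) {
        findings.push({ offset, kind: "invisible", codePoint: codePointLabel(ch) });
        rendered += codePointLabel(ch);
      } else {
        rendered += ch;
      }
    }
    offset += ch.length;
  }
  return { safe: findings.length === 0, findings, rendered };
}

// Constructed samples: a plain command, and one carrying zero-width and tag characters.
const samplePlain = "git status --short";
const samplePadded = "ls\u200B\u200B\u{E0020} -la /tmp";
console.log(JSON.stringify([samplePlain, samplePadded].map(inspectPromptText), null, 2));
```

A prompt renderer can refuse to show text where `safe` is false, or show `rendered` instead so the approver sees exactly which code points are present.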
Beyond the patches, the broader security picture remains mixed. China’s government instructed state-run enterprises, banks, and agencies to remove OpenClaw from office devices, citing risks from its broad data access. China’s CERT issued a formal security warning. The contradiction is striking: Beijing bans OpenClaw on government networks while local governments in Shenzhen and Wuxi subsidize companies that build on it.
Researchers continue to find 30,000+ internet-exposed instances running without authentication. For any enterprise evaluating OpenClaw, the security posture is improving release-over-release, but the exposed-instance problem and the ClawHub skill vetting gap remain unresolved.
China’s Big Three All-In on OpenClaw-Inspired Agents
Beyond Tencent’s ClawBot, two other Chinese tech giants made major moves this week:
- Baidu unveiled its DuClaw suite: DuMate for desktop, RedClaw for mobile, and DuClaw for zero-deployment cloud hosting at ~$2.50/month. Agents handle multi-step tasks like video editing, presentations, and research.
- Alibaba launched Wukong through its DingTalk unit: an enterprise agent platform built on Qwen that coordinates multiple agents for document editing, meeting transcription, and approvals. Slack and Microsoft Teams integration is on the roadmap.
SecurityScorecard reports that China has already surpassed the US in OpenClaw adoption. With Tencent, Baidu, and Alibaba now all shipping OpenClaw-derived products, the framework has crossed from niche experiment to industry standard in the Chinese market.
The Commoditization Question
CNBC reported this week that OpenClaw’s success is sparking concern that AI models are becoming commoditized. An independent developer, not a richly valued lab like OpenAI or Anthropic, produced the next breakout AI product. The implication: if the agent layer is where value accrues, and that layer is open source, what is the moat for foundation model providers?
For enterprise decision-makers, this framing matters. OpenClaw’s model-agnostic design (it works with Claude, GPT, Nemotron, MiniMax, DeepSeek, and others) means organizations are not locked into a single provider. That is a powerful position for cost optimization and risk management, but it also means the security and governance burden falls entirely on the deployer.
What to Watch
- NemoClaw GA timeline: NVIDIA’s enterprise wrapper is in early preview. Watch for production-readiness announcements and whether it becomes the default deployment path for organizations uncomfortable with raw OpenClaw.
- WeChat ClawBot adoption: Tencent’s integration just shipped. The next 2-4 weeks will reveal whether 1.4 billion users translate into meaningful agent session volume.
- Foundation formalization: Post-Steinberger governance remains informal. Watch for formal incorporation, a charter, and clarity on how OpenAI’s funding relationship avoids conflicts with the project’s multi-model ethos.
- ClawHub skill vetting: With ClawHub now the default install source and 1,184+ confirmed malicious skills from the ClawHavoc campaign, the registry’s security posture is the top unresolved enterprise concern.
Check back next week for the latest on OpenClaw and the broader AI agent ecosystem. If your organization is evaluating OpenClaw for enterprise deployment and needs help navigating the security, governance, and integration landscape, contact Big Hat Group.