Microsoft Build 2026 was the undisputed headline event this week, with Redmond going all-in on OpenClaw — launching Scout, its first “Autopilot” enterprise agent built on OpenClaw technology, and demonstrating a native OpenClaw Windows app. Simultaneously, researchers disclosed five critical zero-day vulnerabilities in OpenClaw’s allowlist identity resolution across six messaging platforms, underscoring the security maturity gap that comes with explosive adoption. And the OpenClaw-NVIDIA skill security partnership published detailed findings on multi-layered scanning that could define how the industry vets agent skills.
Microsoft Build 2026: OpenClaw Takes Center Stage
The defining story of the week — and arguably the year for the OpenClaw ecosystem — was Microsoft’s deep embrace of OpenClaw at Build 2026.
Microsoft Scout is the company’s first “Autopilot” agent: an always-on personal assistant integrated across Microsoft 365 (Teams, Outlook, OneDrive, SharePoint) with its own Entra identity, Work IQ context, and MCP server access. CEO Satya Nadella described Autopilots as “enterprise-grade Claws — autonomous, long-running agents with full enterprise compliance.” Available via the Copilot Frontier program, each Scout instance has a nameable identity (the demo called theirs “Sebastian”) and prepackaged skills for calendar management, meeting agendas, and task coordination.
The significance here isn’t just another Microsoft AI product — it’s the architecture. Scout is built on OpenClaw, not in competition with it. Microsoft is contributing policy conformance upstream to OpenClaw, meaning organizations running OpenClaw will soon be able to validate their environments against enterprise security and compliance requirements with audit-ready answers. This positions OpenClaw as the de facto open-source standard for agent infrastructure, with Microsoft as a contributing partner rather than a competitor.
Microsoft also demonstrated a native OpenClaw Windows app at Build, alongside enterprise-grade security controls, bringing OpenClaw directly into the Windows ecosystem. The Windows team released “Windows Development Skills” — structured agent knowledge for building native Windows apps using WinUI3 — available for agents including OpenClaw.
The Security Reality: Five Critical Zero-Days
Build euphoria was tempered by a sobering disclosure on June 8. Security researcher Philip Garabandic published details of five critical zero-day vulnerabilities in OpenClaw’s allowlist identity resolution system.
The core flaw is elegant in its simplicity: OpenClaw’s trust model relies on user-defined allowlists to determine who can interact with an agent. Human-readable display names were resolved to stable user IDs at service initialization time. Since display names are mutable across most chat platforms, an attacker could impersonate a trusted user simply by changing their display name to match an allowlisted identity.
The issue was initially spotted in OpenClaw’s Telegram integration (GHSA-mj5r-hh7j-4gxf), but the same root cause was found across five additional channel extensions: Slack, Discord, Matrix, Zalo, and Microsoft Teams. Each independently re-introduced the same insecure pattern — a repeated design weakness rather than a one-off bug.
The vulnerabilities were discovered using agentgg, an AI-driven static analysis tool that generates custom detectors based on historical advisories. The tool analyzed prior OpenClaw CVEs and developed targeted detection logic for recurring anti-patterns.
OpenClaw maintainers have applied fixes enforcing strict ID-based matching, with name-based resolution gated behind explicit configuration flags. But the discovery method is worth noting: as AI-powered security tooling matures, we should expect more of these automated findings against complex agent platforms.
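The difference between the name-based pattern and strict ID matching, as an added example that is not OpenClaw's code: `User`, `DIRECTORY`, `resolve_by_name`, `resolve_strict`, `is_authorized` and the `allow_names` flag are hypothetical names, and the directory entries are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    user_id: str       # stable, assigned by the platform
    display_name: str  # mutable, chosen by the account holder

# Constructed directory: two accounts currently show the same display name.
DIRECTORY = [
    User("u-1001", "alice"),   # the account the operator meant to trust
    User("u-2002", "alice"),   # a different account that renamed itself
    User("u-3003", "bob"),
]

def resolve_by_name(allowlist, directory):
    """Weak pattern: trust whichever IDs hold an allowlisted name at startup."""
    return {u.user_id for u in directory if u.display_name in allowlist}

def resolve_strict(allowlist, directory, allow_names=False):
    """Hardened pattern: entries must be stable IDs; names are opt-in only."""
    known_ids = {u.user_id for u in directory}
    allowed, rejected = set(), []
    for entry in allowlist:
        if entry in known_ids:
            allowed.add(entry)
            continue
        matches = [u.user_id for u in directory if u.display_name == entry]
        # Assumed extra guard: even when opted in, refuse ambiguous names.
        if allow_names and len(matches) == 1:
            allowed.add(matches[0])
        else:
            rejected.append(entry)
    return allowed, rejected

def is_authorized(sender, allowed_ids):
    """Authorize on the stable ID only, never on the display name."""
    return sender.user_id in allowed_ids

if __name__ == "__main__":
    print("name-based:", sorted(resolve_by_name(["alice"], DIRECTORY)))
    print("strict, ID entry:", resolve_strict(["u-1001"], DIRECTORY))
    print("strict, name entry:", resolve_strict(["alice"], DIRECTORY))
```

Rejected entries are returned rather than silently dropped so that an operator can surface them at startup and replace them with IDs.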
Guillaume Ross of IANS Faculty put it bluntly: “Tools like OpenClaw are still very new and not very battle-hardened… we can expect many similar vulnerabilities to be found.” Josh More added: “The intent was always to test these tools with AI scanners once the scanners matured. We just crossed that threshold recently.”
NVIDIA Collaboration: How Safe Are Agent Skills?
The OpenClaw-NVIDIA skill security partnership, first announced in May, published technical details this week — and the data tells a revealing story.
Every ClawHub skill now ships with an NVIDIA Skill Card, an open trust artifact documenting who published it, what it does, what ClawScan found, and provenance verification by ClawHub (not self-reported). The ClawScan pipeline runs three independent scanners before catalog publication:
- Static analysis (custom OpenClaw scanner)
- VirusTotal (malware reputation)
- NVIDIA SkillSpector (AI-assisted semantic analysis for agentic risks)
The key finding: these three scanners barely overlap. Across 67,453 skill rows, no pair of scanners agrees on more than 10.4% of combined positives. Only 0.69% of skills (468 out of 67,453) are flagged by all three simultaneously. A full 81.9% of positive findings come from a single scanner alone.
What this means for enterprise teams: a single security scanner — whether it’s malware detection, static analysis, or AI behavioral analysis — is insufficient for vetting agent skills. Comprehensive protection requires multi-layered scanning that covers different risk surfaces. The NVIDIA Skill Card model is a template worth watching as the industry grapples with agent supply chain security.
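To run the same kind of overlap measurement on an internal skill registry, the added example below (not ClawScan's code) computes pairwise agreement and single-scanner share from per-skill verdicts. The row layout and scanner keys are hypothetical, the rows are constructed, and "agreement" is read here as intersection over union of each pair's flagged skills, which is an assumption about how the published figures were defined.

```python
from itertools import combinations

SCANNERS = ("static", "virustotal", "skillspector")  # hypothetical column keys

def row(skill, static=False, virustotal=False, skillspector=False):
    return {"skill": skill, "static": static,
            "virustotal": virustotal, "skillspector": skillspector}

# Constructed verdicts for ten skills (True = scanner flagged the skill).
ROWS = [
    row("a", static=True), row("b", static=True),
    row("c", virustotal=True),
    row("d", skillspector=True), row("e", skillspector=True),
    row("f", static=True, virustotal=True),
    row("g", static=True, virustotal=True, skillspector=True),
    row("h"), row("i"), row("j"),
]

def flagged(rows, scanner):
    """Set of skills a given scanner flagged."""
    return {r["skill"] for r in rows if r[scanner]}

def pairwise_agreement(rows):
    """Per scanner pair: skills both flagged / skills either flagged."""
    result = {}
    for a, b in combinations(SCANNERS, 2):
        fa, fb = flagged(rows, a), flagged(rows, b)
        union = fa | fb
        result[(a, b)] = len(fa & fb) / len(union) if union else 0.0
    return result

def coverage_summary(rows):
    """Share of all skills flagged by every scanner, and share of flagged
    skills that only one scanner caught."""
    hits = [sum(bool(r[s]) for s in SCANNERS) for r in rows]
    positives = [h for h in hits if h > 0]
    return {
        "all_scanners": sum(h == len(SCANNERS) for h in hits) / len(rows),
        "single_scanner_only": (sum(h == 1 for h in positives) / len(positives)
                                if positives else 0.0),
    }

if __name__ == "__main__":
    for pair, score in pairwise_agreement(ROWS).items():
        print(pair, round(score, 3))
    print(coverage_summary(ROWS))
```

A high `single_scanner_only` share means removing any one scanner from the pipeline would drop findings that nothing else reports.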
Releases & Ecosystem Highlights
OpenClaw 2026.6.1 shipped as the latest stable release, with the 2026.6.5-beta pre-release carrying significant MCP improvements — tool result coercion to prevent Anthropic 400 errors, extended-thinking recovery after Gateway restarts, and stricter MCP lease timestamps. The new Parallel bundled web search provider joins the provider roster.
clawpatch, OpenClaw’s new automated code review tool, maps a repository into semantic feature slices, reviews each slice with an AI provider, and lands fixes via PR. It is positioned as a lightweight open alternative to commercial AI code review tools.
On the ecosystem front, NanoClaw launched as a security-focused lightweight alternative with Docker container isolation and a deliberately small codebase. ClawX Desktop now bundles WeChat integration. And Agent37 announced white-label OpenClaw hosting from $3.99/month, making it easier for agencies to offer managed agent services.
Community-voted best model for OpenClaw (as of June 7): Kimi K2.5, followed by GLM 4.7 and Claude Opus 4.6.
What to Watch
Microsoft Scout enterprise rollout: How Microsoft’s first OpenClaw-powered Autopilot performs in real enterprise deployments will set expectations for this entire agent category. The upstream policy conformance contributions will reshape how organizations govern OpenClaw instances.
AI-powered vulnerability discovery accelerates: The agentgg tool that found these zero-days by learning from historical OpenClaw CVEs signals a new era of automated security research. Organizations running OpenClaw should tighten patching cadences and audit their agent deployment policies.
Skill card standardization: The NVIDIA Skill Card model — with its multi-scanner, independently verified approach — could become an industry standard for agent marketplaces. Watch for adoption across ClawHub alternatives and enterprise internal skill registries.
The OpenClaw Weekly briefing is produced by Big Hat Group, an Azure, Windows 365, and AI agents consultancy.