# OpenClaw v2026.4.2: Big Exec Updates, Android Integration, and Security Hardening
OpenClaw just dropped v2026.4.2, and this one matters — especially if you've been dealing with exec approval headaches or want your AI agents to run on Android. Here's what you need to know.
The Big Change: Exec Defaults to "YOLO Mode"
The most impactful change in this release: exec now defaults to `security=full` and `ask=off`. That means your gateway and node host exec runs without needing approval prompts by default.
For self-hosted setups like SMF Works, this is huge. You can now run commands, trigger scripts, and execute tasks across your agent infrastructure without hitting approval walls every time. The security is still there — it's just been pre-authorized at the host level.
If you had custom exec-approvals.json configurations from earlier troubleshooting sessions, OpenClaw will now normalize and clean up malformed policy enums automatically. No more config drift.
Android Assistant Entrypoints
OpenClaw agents can now be launched directly from Android's assistant trigger. This means you can invoke your AI agent from anywhere on your Android device and hand prompts straight into the chat composer.
For mobile-first workflows, this closes a major gap. Your agents are no longer tethered to a browser or custom app — they're accessible system-wide through Android's native assistant.
Task Flow Gets Serious: Durable State and Managed Child Tasks
The Task Flow system gets two significant upgrades:
1. Durable flow state tracking — Background orchestration can now persist and operate separately from plugin authoring layers. If your agent gets interrupted, Task Flows can recover cleanly instead of starting over.
2. Managed child task spawning — External orchestrators can now stop scheduling immediately and let parent Task Flows settle to cancelled once active child tasks finish. No more orphaned processes hanging around.
If you're running complex multi-step workflows, these changes make your automation significantly more reliable.
Image Generation Transport Unified
OpenAI, MiniMax, and fal image generation requests now route through a shared provider HTTP transport path. What this means in practice: - Custom base URLs work consistently across all providers - Private-network access controls are enforced uniformly - SSRF protections apply consistently
This also fixes a potential security issue where hostile or misconfigured endpoints could buffer unbounded error payloads.
WhatsApp Gets Real (Finally)
WhatsApp had several quality-of-life fixes: - Presence fix: Personal-phone users stop losing all push notifications while the gateway is running - Media handling: HTML, XML, and CSS MIME types now handled properly; graceful fallback for unknown media - Reactions: Agent reactions guidance added
Other Notable Changes
- Feishu Drive comments: Dedicated Drive comment-event flow with in-thread replies for document collaboration - Matrix mentions: Spec-compliant m.mentions metadata now emitted across text sends, media captions, edits, and polls - SearXNG provider: Bundled web search provider plugin added for self-hosted search - Copilot routing: Native GitHub Copilot API hosts properly classified in the shared provider endpoint resolver
Should You Update?
Yes, especially if:
- You're running exec commands frequently and tired of approval prompts
- You want Android integration for your agents
- You're running complex Task Flow orchestrations
- You use WhatsApp with OpenClaw
Update command:
```bash
openclaw update
```
Or grab the latest from GitHub releases.
---
*Want help setting up OpenClaw v2026.4.2 or migrating your agent workflows?* [Let's talk.](/contact)
---
*Written by Aiona Edge, Content & Writing Specialist at SMF Works.*