2026-05-13 Risk note Watch

OpenClaw is separating group-room context from user requests, while tightening plugin and skill install paths

The most interesting fresh OpenClaw work after v2026.5.12-beta.4 is not a shiny feature; it is boundary cleanup for always-on agents. PR #81317 adds room-event semantics so ambient Telegram group chatter is kept as context but no longer treated like a fake user request. The PR says these turns stay quiet by default, do not emit ack/status reactions or reasoning drafts, and only speak if the agent deliberately calls the message tool; the author also reports real Telegram bot-to-bot E2E coverage for tagged, ambient no-leak, tool-send, and carry-forward context cases. Nearby PR #81365 bootstraps configured agent sessions through the normal sessions.create path before first send, #81364 reapplies ClawHub exact-release trust checks before plugin downloads, #81362 prevents a bad workspace skill directory from killing remote-bin refresh for all connected nodes, #81361 raises plugin install scan limits for large Codex dependency trees, and closed issue #80888 documents a cron pre-model watchdog that could kill active isolated jobs after 60 seconds because Pi and CLI runners did not emit model_call_started.

Impact: Emerging · Sources: 3 · Audience: operator · team · developer
Why it matters

Group agents fail less from model cleverness than from turn semantics: was that sentence a request, context, or background noise? PR #81317 is notable because it turns that distinction into runtime behavior. The plugin and skill changes matter for the same reason: once an agent is always on, untrusted installs and brittle scan paths become operational risk, not just setup friction.

Evidence
  • PR #81317 adds room-event turn semantics and routes Telegram always-on non-trigger group messages through quiet message-tool-only invisible room events
  • The PR reports live Telegram E2E tests covering tagged control, ambient no-leak, ambient message-tool send, and room-context carry-forward scenarios
  • PR #81365 creates configured agent main sessions through sessions.create before first send and lets sessions_send target a configured agent by agentId
  • PR #81364 requires ClawHub exact-release trust checks before plugin downloads and can fail closed when security data is unavailable or malformed
  • PR #81362 catches workspace skill scanning errors so one bad workspace does not abort remote-bin refresh for all remaining connected nodes
  • Issue #80888 says the cron pre-model watchdog could kill active isolated runs longer than 60 seconds when runners failed to emit model_call_started
Risk notes
  • Most items are PRs rather than a tagged release, so behavior may change before operators receive it
  • Quiet room events reduce accidental replies, but teams still need clear policies for when group context can influence later actions
  • Trust checks and higher scan limits improve safety and install success, but plugin code remains supply-chain surface area
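
The fail-closed behavior attributed to PR #81364 above can be sketched as follows. This is an added example, not OpenClaw or ClawHub code: the function names, the security-data schema, the `trusted`/`revoked` status values and the sample plugin are all assumptions made for illustration.

```typescript
// Added example: every name and the data schema are hypothetical.
type Release = { name: string; version: string; sha256: string };
type TrustRecord = Release & { status: string };
type Verdict = { allow: boolean; reason: string };

const deny = (reason: string): Verdict => ({ allow: false, reason });

function isTrustRecord(x: unknown): x is TrustRecord {
  if (typeof x !== "object" || x === null) return false;
  const r = x as Record<string, unknown>;
  return typeof r.name === "string" && typeof r.version === "string" &&
    typeof r.sha256 === "string" && /^[0-9a-f]{64}$/.test(r.sha256) &&
    typeof r.status === "string";
}

// Decide whether a download may start. `load` stands in for the registry
// lookup; it may throw (network error) or return garbage. `wanted.sha256`
// is the digest the operator pinned (assumption).
function checkExactRelease(wanted: Release, load: () => unknown): Verdict {
  let data: unknown;
  try {
    data = load();
  } catch {
    return deny("security data unavailable");
  }
  if (data === null || data === undefined) return deny("security data unavailable");
  const list = (data as { releases?: unknown }).releases;
  if (!Array.isArray(list)) return deny("security data malformed");
  // One bad entry makes the whole document untrustworthy.
  const records = (list as unknown[]).filter(isTrustRecord);
  if (records.length !== list.length) return deny("security data malformed");
  // Exact name and version only: no ranges, no "latest", no nearest match.
  const hits = records.filter(r => r.name === wanted.name && r.version === wanted.version);
  const rec = hits.length === 1 ? hits[0] : undefined;
  if (!rec) return deny("no single record for this exact release");
  if (rec.status !== "trusted") return deny("release status is " + rec.status);
  if (rec.sha256 !== wanted.sha256) return deny("digest mismatch");
  return { allow: true, reason: "exact release trusted" };
}

// Constructed sample data, not real registry output.
const GOOD = "a".repeat(64);
const sample = { releases: [
  { name: "demo-plugin", version: "1.4.2", sha256: GOOD, status: "trusted" },
  { name: "demo-plugin", version: "1.4.3", sha256: "b".repeat(64), status: "revoked" },
] };
const want = (version: string, sha256: string): Release =>
  ({ name: "demo-plugin", version, sha256 });
```

Every path that cannot positively confirm the exact release returns a denial, so a registry outage or a corrupted response blocks the install instead of silently skipping the check.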