What OpenClaw version does WeChat ClawBot plugin 2.0.x require?

Plugin 2.0.x requires an OpenClaw host at or above 2026.3.22; older gateways may install files but fail channel handshake or silently skip the weixin transport.

Why must I run openclaw gateway restart after npx install?

The CLI registers plugin metadata on disk; the long-lived gateway process only loads new channel drivers after restart, matching launchd or systemd recycle patterns documented for other OpenClaw channels.

How is official ClawBot different from Wechaty?

ClawBot uses Tencent's supported WeChat plugin path with mobile pairing; Wechaty relies on unofficial protocol emulation with higher account risk and no vendor SLA.

Can I use desktop WeChat for ClawBot?

Production guidance targets mobile WeChat 8.0.70+; PC WeChat is not a supported pairing surface for the official plugin entry in 2026 rollouts.

Should personal WeChat run on the same Mac as production OpenClaw?

Prefer a dedicated remote Mac or isolated user account with restricted workspace paths; binding a secondary personal number reduces blast radius if sessions must be isolated per-account-channel-peer.

2026 WeChat Official ClawBot for OpenClaw: One-Command Install, Version Gates, and Production Pitfall Decision Matrix

In May 2026 Tencent shipped an official WeChat ClawBot entry inside the mobile client, wired to OpenClaw through the @tencent-weixin/openclaw-weixin-cli installer rather than third-party protocol bridges. For teams that already run a gateway on a laptop, VPS, or remote Mac with launchd-managed OpenClaw, the promise is simple: copy one command, scan a QR code, restart the gateway, and talk to your agent from WeChat. The failure modes are equally predictable: plugin menu missing during gray release, semver mismatch on plugin 2.0.x, a gateway that never reloads the channel, or green probes with silent replies. This guide is an independent English runbook with version numbers, a channel comparison matrix, seven install steps, and production decisions you can hand to platform engineering without translating a marketing page.

1. Four-layer triage before you reinstall anything

WeChat ClawBot incidents cluster into four layers. Treat them as gates: fixing layer four while layer one is still red wastes hours and risks binding the wrong account. Layer one is product visibility: Settings shows no Plugins or ClawBot tile because the account is outside gray release, the app build is below 8.0.70 on iOS (8.0.69+ on Android), or the install was attempted from desktop WeChat which the 2026 official path does not support. Layer two is pairing: QR expired, network switched mid-scan, or the phone logged out before the host finished writing credentials under the OpenClaw state directory. Layer three is gateway process health: openclaw gateway status reports running but the weixin driver never loaded because you skipped openclaw gateway restart after CLI install, launchd still owns a stale plist, or CLI semver diverged from the daemon after a partial upgrade. Layer four is conversation logic: probes are green yet messages never reach the model because provider credentials failed, session.dmScope routes DMs to the wrong agent, or rate limits on the LLM side mimic a dead channel.

Map each layer to a single proof command before escalating. For layer three, pair gateway status with openclaw channels probe and the macOS launchd repair ladder in our gateway restart troubleshooting guide. For layer four, walk the doctor ladder documented in the OpenClaw installation and troubleshooting guide rather than repeatedly revoking WeChat authorization.

2. What official ClawBot is (and is not)

Official ClawBot is Tencent's supported bridge between the WeChat mobile client and your self-hosted OpenClaw gateway. Messages traverse WeChat's normal client infrastructure to Tencent-operated relay endpoints, then down to the plugin bundle the CLI installs on your host. That is materially different from scraping or emulating the WeChat protocol: you trade some data-path transparency for account safety and a documented upgrade channel tied to plugin semver. What ClawBot is not is a hosted OpenClaw SaaS. Model choice, tools, filesystem access, skills, and safety policies remain entirely local, defined in openclaw.json and your workspace layout. If you expected the phone UI to configure Grok fallbacks or sub-agent trees, configure those on the host first, then validate from WeChat.

Three pain points show up in every early-adopter thread, and they are worth naming explicitly because they drive architecture decisions. First, gray release unpredictability: the plugin entry simply does not exist for some accounts even on current app builds, which looks like an install bug but is policy gating. Second, mobile-only pairing friction: operators who live in desktop WeChat for support queues must still borrow a phone for binding and re-auth, which breaks unattended datacenter fantasies unless you document custody of that device. Third, gateway uptime coupling: WeChat expects a reachable, consistently versioned OpenClaw gateway; sleeping laptops and spotty home NAT produce "connected yesterday, silent today" reports that are host problems wearing a WeChat mask.

3. Channel matrix: ClawBot vs Wechaty vs WeCom webhook

Picking a China-facing channel is a compliance and operations decision, not a feature checklist. Use the matrix below when stakeholders ask why you rejected a community bridge or why WeCom remains the corporate path while personal WeChat uses ClawBot.

Dimension	Official WeChat ClawBot	Wechaty / community bridges	WeCom (Enterprise WeChat) webhook
Vendor stance	Supported Tencent plugin path tied to OpenClaw releases	Unofficial protocol emulation; account ban risk	Enterprise contract surface; IT admin controls
Typical user	Individual operators, prosumer agents, small teams on personal WeChat	Hackathon prototypes accepting account loss	Company staff on corp IDs, ticketing, internal bots
Pairing model	Mobile Settings, Plugins, QR via `openclaw-weixin-cli`	Token or puppet-specific login flows	Corp app credentials, callback URL, often outbound-only webhooks
Host requirements	OpenClaw >= 2026.3.22 for plugin 2.0.x; 24/7 gateway	Varies by puppet; often Node service plus sidecar	HTTPS endpoint or VPN to corp network; see WeCom automation guide
Data path	WeChat client to Tencent relay to your gateway	Direct unofficial session; opaque to Tencent	Corp tenant boundaries, audit logs, DLP hooks
When to choose	You need personal WeChat with lowest ban risk and can meet version gates	Only disposable accounts or research, not production	HR, finance, or IT mandates Enterprise WeChat for staff-facing bots

4. Prerequisites and version gates

Treat semver as a hard gate, not a suggestion. Plugin 2.0.x documentation states an OpenClaw host at 2026.3.22 or newer. Below that line you may see successful npx output while the gateway logs handshake errors or omits the weixin channel entirely. On the phone, plan for WeChat 8.0.70+ on iOS and 8.0.69+ on Android; older builds hide the plugin surface even when the host is correct. Node.js should remain on the OpenClaw baseline (22.x) documented in the installation guide, and the CLI package itself should be pinned during production change windows: @latest is fine for labs, but production should record the resolved version in your change ticket.

Network and custody matter as much as semver. The host needs stable outbound HTTPS, consistent clock sync, and a process supervisor that survives reboots. If you bind a personal WeChat used for family chat, accept that automated replies may leak into the wrong thread unless you configure session.dmScope and separate agents. For corporate-sensitive content, stop at WeCom instead of personal WeChat; the enterprise guide covers webhook hardening and workspace boundaries that ClawBot does not replace.

# Host baseline checks (run on the OpenClaw machine)
openclaw --version          # must be >= 2026.3.22 for plugin 2.0.x
node -v                     # v22+ per OpenClaw 2026 baseline
openclaw gateway status     # confirm supervised daemon, not a stale manual process
openclaw channels probe     # note pre-install channel list for diffing after pairing

5. Seven-step install and acceptance

The official UX is intentionally short; these seven steps expand it with acceptance criteria operators can paste into runbooks.

Confirm gray release and app build on the phone. Open WeChat, verify version 8.0.70+ (iOS) or 8.0.69+ (Android), and locate Settings, then Plugins, then the ClawBot entry. If missing, halt: no amount of CLI forcing creates the menu.
Copy the install command from the plugin screen. Tencent shows a one-liner equivalent to the public package; keep it for audit trails even if you standardize on the command below.
Run the official CLI on the OpenClaw host. Execute from the same UNIX user that owns the gateway service so credential paths align with launchd or systemd HOME.
Scan the QR code immediately. Timeboxed codes expire; after two failures, regenerate from the phone before blaming the gateway.
Restart the gateway. Install writes plugin metadata; the long-lived process must reload drivers. This step is non-optional and is the top fix for "installed but dead" reports.
Re-probe channels. Expect WeChat to report green only when both gateway health and weixin registration match semver.
Run conversation acceptance. Send a DM and, if you use groups, a muted test group message; capture logs with redaction per your logging baseline post.

# Step 3 — official installer (lab pin @latest; prod pin a resolved version)
npx -y @tencent-weixin/openclaw-weixin-cli@latest install

# Step 5 — mandatory gateway recycle
openclaw gateway restart

# Step 6 — acceptance probes
openclaw gateway status --deep
openclaw channels probe
openclaw doctor --fix-channel=weixin   # only after probes, per ladder discipline

If restart returns success but listeners stay stale on macOS, escalate to launchd bootout and bootstrap for com.openclaw.gateway as documented in the gateway restart article rather than looping QR scans. If probes fail with pairing errors, capture CLI and gateway semver together; split-brain upgrades are a common false negative on new channels.

6. Production pitfall decision matrix

Once install works in a lab, production risk shifts to policy, identity, and blast radius. Use the decision prompts below when security or legal asks for a go or no-go.

A. Gray not open: If the plugin tile is absent on a current build, record account ID and region, pause the project, and do not deploy Wechaty as a "temporary" production workaround on the same brand account.
B. PC WeChat unsupported: Do not train support staff to expect desktop pairing; provide a managed phone or accept that re-auth requires physical access.
C. Primary vs secondary numbers: Bind a dedicated secondary WeChat for automation; never pair your only recovery number without backup codes and session export discipline.
D. Tencent relay awareness: Message content leaves the pure self-hosted path; classify prompts and attachments accordingly, especially for regulated data.
E. Workspace least privilege: Restrict plugins.fs paths and shell tools before exposing group chats; WeChat groups amplify prompt injection surface.
F. Container vs bare metal: Docker is fine if volumes mount the same HOME tree launchd uses; mismatched HOME is the dominant cause of "works in SSH, fails in daemon" after pairing.

Overseas hosting adds latency and occasional policy friction but does not remove the need for a always-on gateway. If your threat model forbids Tencent relay entirely, ClawBot is the wrong channel: stay with email, Telegram, or self-hosted webhooks, or move staff-facing workflows to WeCom with corp controls.

7. Multi-account routing and session isolation

Teams sometimes bind more than one WeChat account to the same gateway during pilot programs. Without routing discipline, DM history collides and tools execute against the wrong workspace. OpenClaw's session.dmScope value per-account-channel-peer isolates sessions per bound account and peer, which is the default recommendation in multi-agent setups. You can still run a single orchestrator agent internally, but the session keys must not share state between personal and operations numbers. When HR requires corp IDs, split channels: personal WeChat via ClawBot, staff automation via WeCom OpenClaw integration so audit policies remain in the enterprise tenant.

Document which phone owns re-auth for each bound account. Gateways do not replace SIM custody; they only maintain TCP and plugin state while the phone stays logged in.

8. Why a 24/7 remote Mac host wins for WeChat

WeChat ClawBot is a notification-driven channel: users message when they are awake, across time zones, often during CI incidents. A MacBook that sleeps or a home NAS behind CGNAT breaks pairing health long before the model fails. A dedicated remote Mac with launchd supervision, APFS snapshots for workspace rollback, and SFTP or rsync for artifact sync gives you three operational wins: stable gateway uptime, filesystem layouts that match macOS OpenClaw docs, and physical separation between your personal laptop and the automation account bound to WeChat.

Operational sequencing on SFTPMAC-class hosts looks like this: provision Node 22 and OpenClaw at or above 2026.3.22, install the weixin CLI, pair from a managed phone, restart the gateway using the launchd-aware runbook, then wire CI to push skills and prompts via SFTP with checksum gates you already use for release artifacts. When incidents strike, you get serial diagnostics: gateway restart and launchd repair, channels probe, doctor ladder, then WeChat re-auth, instead of four teams guessing in parallel.

SFTPMAC remote Mac rental is aimed at exactly this profile: Apple Silicon memory for multi-agent orchestration, mac-native permission boundaries for restricted workspaces, and backbone connectivity that keeps WeChat callbacks from timing out during long tool runs. If you are shipping ClawBot to production, host it where your other 2026 OpenClaw channels already pass doctor probes, not on the same machine you close every evening.

9. FAQ

What OpenClaw version does plugin 2.0.x require? At least 2026.3.22 on the host. Upgrade the gateway before re-running npx install.

Why is gateway restart mandatory? The CLI updates on-disk plugin registration; the daemon loads channel drivers at start. Without restart, probes may reference stale transports.

Plugin entry missing on a new phone? Check gray release, app version, and account region; do not pivot to Wechaty on production identities.

Green probe but no reply? Escalate along model credentials and session routing, not WeChat rebind, until doctor shows provider health.

Enterprise staff only? Use WeCom webhooks and corp apps; keep ClawBot on personal or dedicated secondary numbers with explicit data classification.

Where next in the SFTPMAC blog? Start with installation and doctor basics, macOS gateway restart, and WeCom automation when you operate both personal WeChat and corp IDs on the same estate.