OpenClaw releases 2026.5.20 with Discord voice follow and secret warnings

• OpenClaw's release thread framed 2026.5.20 as a "boring fixes" drop, but it shipped five concrete quality-of-life changes across Discord voice, secret detection, model status, Windows installs, and xAI login.
• According to OpenClaw's Discord voice post, voice sessions can now follow configured users between channels, including multi-user handoff, allowed-channel checks, and DAVE recovery.
• OpenClaw's doctor update adds warnings when openclaw.json contains plaintext API keys or sensitive headers.
• OpenClaw's Windows installer note says the Windows setup flow no longer appears stuck at "Starting setup...", while OpenClaw's xAI login note adds device-code OAuth for headless and remote machines.
• testingcatalog's post and WesRoth's post also highlighted a separate Grok and X Premium integration that lets subscribers use Grok models inside OpenClaw.

You can browse the release notes, the Discord channel docs, the doctor docs, and the xAI provider docs. The useful bit here is how much of the release is about removing friction that only shows up after install: voice handoff edge cases, config hygiene, confusing model pinning, and auth flows that break on remote boxes.

The Discord change is more specific than "voice support got better." According to OpenClaw's Discord voice post, sessions now follow configured users into voice channels, keep allowed-channel checks in place, support multi-user handoff, and preserve DAVE recovery.

That turns voice from a fixed-room session into something closer to presence-aware routing. For teams running OpenClaw inside active Discord servers, the follow behavior is the actual feature, not just the voice transport.

The new doctor check targets a boring but common failure mode: plaintext secrets living in openclaw.json. OpenClaw's doctor update says the warning covers provider API keys and sensitive headers before they become a bigger cleanup problem.

OpenClaw also patched a different kind of confusion at runtime. When a session is pinned away from the default model, OpenClaw's model status note says the UI now shows the configured default, the selected model, the reason for the mismatch, a hint, and a docs link.

Two more fixes land squarely in the "why is this weird on my machine" bucket.

• OpenClaw's Windows installer note says Windows installs no longer visibly freeze at "Starting setup..."
• The same installer note says managed updates keep using the Gateway service Node instead of silently switching Node binaries.
• OpenClaw's xAI login note adds device-code OAuth, so xAI auth no longer depends on a localhost browser callback.

That last one is the cleanest remote-dev fix in the release. Headless boxes, SSH sessions, and hosted Windows machines are exactly where localhost callback flows get annoying.

Separate from the 2026.5.20 changelog, OpenClaw also pushed Grok access through existing xAI and X subscriptions. testingcatalog's post says Grok and X Premium subscribers can use Grok models inside OpenClaw on every tier, while WesRoth's post adds that the integration covers chat, image and video generation, and X search.

That gives the xAI login work in this release a second layer of context. OpenClaw's xAI login note is about smoother authentication, but testingcatalog's post and WesRoth's post show why OpenClaw bothered shipping it now.