Kilo Code’s ClawShop recap bundled a 30-minute KiloClaw setup workshop, SecretRef credential handling, searchable ClawBytes guides, and PinchBench for agentic performance. The event, OpenClaw 2026.4.10, and PetClaw together added new security, memory, budgeting, and desktop layers around the OpenClaw stack.
You can skim the attendee guide, browse the ClawBytes cookbook, and jump straight into the 2026.4.10 release notes. The weirder connective tissue is that the stack now spans hosted setup, secret handling, benchmark infrastructure, and a desktop pet shell, with Kilo's security blog and the PinchBench leaderboard making that expansion unusually concrete.
The workshop goal was blunt: get everyone running an agent in the cloud within 30 minutes. According to the recap, that session covered three pieces: model selection, identity config, and service hookups for Gmail, Google Calendar, and Telegram.
The linked ClawShop attendee guide adds the operational detail that usually gets skipped in agent demos. It recommends Docker Desktop, a dedicated GitHub account for the bot, and a separate Google account, which is a clean way to separate personal data from agent credentials.
SecretRef is the quietest useful feature in this bundle. Avant's demo thread describes it as native key handling that avoids plaintext config files entirely, and OpenClaw's secrets docs match that design: credentials can point to env, file, or exec sources, and onboarding validates active references before startup.
Kilo paired that with a stronger platform security pitch. The Swiss cheese thread lists five isolation layers:
The companion security blog post says an external assessor spent 10 days on threat modeling, code review, adversarial testing, and live infrastructure testing, echoing the tweet's counts of 35 tenant isolation tests and 8 live cross tenant network tests.
ClawBytes looks less like documentation and more like an agent app store with better taste. The official cookbook says it is organized by category, integrations, and tags, and the current menu includes recipes like Inbox Zero Bot, Issue Whisperer, Source Hunter, Task Whisperer, and an Anti-AI Slop Filter.
PinchBench gives the stack a public measuring stick. Kilo's recap calls it an open source benchmark for agentic performance, and the live PinchBench site currently exposes success rate, speed, cost, value, graphs, 50 models, and 608 runs across standardized OpenClaw agent tests graded by automated checks plus an LLM judge.
The release itself adds several subsystems at once. The release notes say the new Active Memory plugin runs a blocking memory sub-agent before the main reply, with recent, message, and full context modes, /verbose inspection, and optional transcript persistence for debugging. The separate Active Memory docs confirm that those transcripts are temporary by default.
The same release also bundles a Codex provider and plugin owned app-server harness so codex/gpt-* models use Codex managed auth, native threads, model discovery, and compaction, while openai/gpt-* stays on the normal provider path. Local MLX Talk mode and Teams actions for pins, reactions, and read state round out the update.
PetClaw is where this ecosystem starts to look consumerish in the best way. Rohan Paul's demo pitches it as a local OpenClaw based desktop pet that installs in one click, works through voice and chat, remembers context, and turns successful ad hoc workflows into reusable skills.
The official PetClaw site makes the same case in product copy: download for Mac or Windows, single click setup, voice first interaction, and skill teaching through simple commands. An earlier thread in the same demo series adds the detail that the beta currently hands out an access code and free credits, which is a very different distribution model from the hosted KiloClaw workshop that opened this whole story.
