How-Tos

Anthropic published its Trustworthy Agents in Practice framework yesterday — a five-principle safety baseline for autonomous Claude agents. The principles are solid, but they’re abstract. This guide translates each one into concrete configuration and design choices you can make in OpenClaw today. The Five Principles (Quick Summary) Before the how-to: Anthropic’s framework names five principles for trustworthy agent operation: Human control — Maintain meaningful oversight; prefer reversible actions Alignment with user expectations — Act on intent, not just literal instruction Security — Resist prompt injection and adversarial inputs Transparency — Be honest about capabilities, limitations, and actions taken Privacy — Operate with minimum necessary access to data Each maps to specific choices in how you configure and constrain your agents. ...

Anthropic’s Claude Managed Agents entered public beta on April 8, 2026. If you’ve been waiting for a managed platform to deploy Claude-powered agents without standing up your own infrastructure, this is it. Here’s how to get started. Prerequisites Before you begin, you’ll need: An Anthropic API account (platform.anthropic.com) Access to the Managed Agents beta (apply at the developer platform) Basic familiarity with REST APIs or the Anthropic Python/TypeScript SDK Python 3.10+ or Node.js 18+ for the examples below Step 1: Apply for Beta Access Navigate to platform.claude.com and look for the Managed Agents section. As of the public beta launch, this is open to teams — not just individual developers. You’ll want to apply with your organization’s use case described, as Anthropic appears to be prioritizing enterprise workloads. ...

OpenClaw v2026.4.8 ships an experimental plugin called memory-wiki — a persistent, structured knowledge base that lives across agent sessions. Unlike the flat key-value store of standard memory plugins, memory-wiki organizes knowledge into structured entries and, crucially, detects contradictions when new facts conflict with existing ones. This guide walks you through installing the plugin, configuring it, and using it effectively in your agents. Prerequisites OpenClaw v2026.4.8 or later (run openclaw --version to check) Node.js v20 or later If upgrading from an older install: run openclaw doctor --fix first to migrate legacy config Step 1: Install the Plugin openclaw plugins install memory-wiki This pulls the plugin from ClawHub and adds it to your OpenClaw configuration. The memory-wiki plugin ships as part of the 4.8 release package, so the install should complete immediately without downloading external dependencies. ...

Google’s Agent-to-Agent (A2A) protocol is fast becoming the standard handshake for cross-agent communication in production agentic systems. A new deep-dive from freeCodeCamp — paired with a working GitHub implementation at win4r/openclaw-a2a-gateway — shows exactly how to wire A2A into an OpenClaw plugin so your agent can receive tasks from any A2A-compliant caller. This how-to summarizes the architecture and key implementation steps. For the full guide, see the freeCodeCamp article. What You’re Building An A2A plugin bridge does three things: ...

Three command injection vulnerabilities in Claude Code CLI — CVE-2026-35020, CVE-2026-35021, and CVE-2026-35022 — carry CVSS scores of 9.8 (Critical) and chain together to enable credential exfiltration over HTTP. If you’re running Claude Code in any CI/CD pipeline, this guide walks you through immediate mitigation steps and longer-term hardening practices. This is not optional maintenance. These are exploitable, validated vulnerabilities with confirmed callback evidence. Prerequisites Access to your Claude Code CLI deployment(s) Access to your CI/CD pipeline configurations (GitHub Actions, GitLab CI, Jenkins, or equivalent) Basic shell access to environments where Claude Code runs Permission to update environment variable configurations and outbound network rules Step 1: Check Your Version and Patch Immediately The vulnerabilities are confirmed exploitable on v2.1.91 and earlier. Your first action is to identify and update every Claude Code CLI instance. ...

Google DeepMind’s new research framework maps six categories of “AI Agent Traps” — adversarial techniques embedded in the environment that can hijack autonomous agents without the user or the agent knowing. With content injection attacks succeeding in up to 86% of tested scenarios, this isn’t theoretical risk. This guide walks through each of the six trap categories and gives you concrete, actionable mitigations you can implement today — whether you’re running OpenClaw, a custom LangGraph pipeline, or any other agent framework. ...

LangChain published a framework today for thinking about continual learning in AI agents — and it’s one of the clearest mental models for this problem that’s appeared in the wild. This guide takes that framework and turns it into a practical implementation playbook, with code examples for each layer and decision criteria for choosing between them. The three layers, briefly: agents can learn through context (runtime-injected instructions), storage (external memory), or weights (model fine-tuning). Each has different costs, speeds, and durability characteristics. ...

MolmoWeb is Ai2’s open-source browser agent — 8B parameters, Apache 2.0, no API key required. It scores 78.2% on WebVoyager and beats GPT-4o-based agents on multiple benchmarks. Here’s how to get it running locally. System requirements: GPU with at least 16GB VRAM (for 8B model) or 8GB VRAM (for 4B model) Ubuntu 20.04+ or macOS 12+ (Linux recommended for GPU support) Python 3.10+ Chrome or Chromium browser installed Step 1: Clone the Repository git clone https://github.com/allenai/molmoweb.git cd molmoweb Step 2: Create a Virtual Environment and Install Dependencies python3 -m venv molmoweb-env source molmoweb-env/bin/activate pip install -r requirements.txt The requirements include PyTorch, the Transformers library, Playwright for browser control, and Pillow for screenshot processing. The full install typically takes 3–5 minutes on a good connection. ...

Claude Code Ultraplan offloads your most complex planning tasks to a cloud Opus 4.6 session for up to 30 minutes — while you keep working locally. Here’s how to use it in five steps. Prerequisite: Ultraplan requires the $400/month Claude Code plan tier. Step 1: Open Ultraplan from the Command Palette In Claude Code, open the command palette (Cmd/Ctrl + Shift + P) and type Ultraplan. Select “Claude Code: Start Ultraplan Session”. ...

Claude Code’s latest release (v2.1.9x) adds initialPrompt — a YAML frontmatter field that auto-submits a first turn when a subagent is spawned. This guide shows you exactly how to use it. What You’ll Accomplish By the end of this guide, you’ll have subagents that start executing immediately when invoked — no manual prompting required. Prerequisites Claude Code v2.1.9x or later (claude --version to check) An existing Claude Code project with at least one subagent definition Basic familiarity with YAML frontmatter in agent files Step 1: Update Claude Code First, make sure you’re on the latest version: ...