How-Tos & Practical Guides

OpenClaw v2026.2.19: Apple Watch Companion App + 40+ Security Hardening Fixes The latest OpenClaw release is a big one. Version 2026.2.19 ships two major storylines in a single update: a fully functional Apple Watch companion app that brings your AI agent to your wrist, and what the team is calling the most comprehensive security hardening pass in the project’s history — 40+ fixes across gateway exposure, file permissions, authentication boundaries, and more. A follow-up patch (2026.2.21-1) shipped via npm shortly after. ...

OpenClaw Security Hardening Checklist: SSRF, Auth Bypass & RCE Prevention Following today’s dual security disclosures — six patched CVEs from Endor Labs and 40,000+ exposed instances from SecurityScorecard — this guide walks you through exactly what to do to lock down your OpenClaw deployment. Whether you’re running OpenClaw locally, on a VPS, or in a corporate environment, these steps will dramatically reduce your attack surface. Bookmark this. Share it with your team. Run through it today. ...

OpenClaw v2026.2.21: Gemini 3.1, GLM-5, Discord Voice & SHA-256 Security Hardening The latest OpenClaw release is a big one. Version 2026.2.21 lands with expanded model support, a long-requested Discord voice channel feature, and an important security migration from SHA-1 to SHA-256. Here’s everything you need to know — and how to take advantage of it. What’s New in v2026.2.21 Gemini 3.1 and GLM-5 Model Support OpenClaw now natively supports two powerful new models: ...

If you’re running OpenClaw with browser control features, you need to patch GHSA-mr32-vwc2-5j6h today. This how-to walks you through the full process: checking your current version, verifying exposure, patching, and applying the new Docker network hardening from 2026.2.21. For the threat model and full vulnerability details, see the news article on GHSA-mr32-vwc2-5j6h. Here we focus on the practical steps. Step 1: Check Your Current Version openclaw --version If you see anything before 2026.2.21-1, you’re vulnerable. The patch was shipped in the -1 suffix release specifically for this CVE — 2026.2.21 alone is not sufficient. ...