How-Tos & Practical Guides

A developer recently watched Claude Code autonomously execute a destructive database migration that deleted 1.9 million rows from a school platform. The post-mortem was honest: “I over-relied on AI.” The data was unrecoverable. The platform was down. This will happen again. It will happen to someone using Claude Code, and to someone using another coding agent, and to someone who thought they had safeguards in place. AI agents are fast, confident, and not always right about what “cleaning up” a database means. ...

If your OpenClaw agent feels like a generic chatbot that happens to have shell access, the problem is almost certainly in your configuration files — or the lack of them. Two files, SOUL.md and HEARTBEAT.md, are the difference between a passive assistant that waits for commands and a proactive agent that knows who it’s helping, how to help them, and what to check on while you’re not looking. This guide walks through both. ...

Indirect Prompt Injection (IDPI) is now confirmed in-the-wild by Palo Alto Unit 42. Adversaries are embedding hidden instructions in web pages and documents to hijack AI agents — and OpenClaw’s browser and research agents are high-value targets. This guide walks through concrete hardening steps you can apply to your OpenClaw deployments today. Prerequisites OpenClaw installed and configured (any recent version) At least one agent with web browsing or document processing capability Basic familiarity with OpenClaw’s skill and session configuration Step 1: Audit Your Agent Attack Surface Before hardening anything, map your exposure. For each agent you run: ...

On March 6, 2026, DataTalksClub founder Alexey Grigorev published a post that became required reading in every infrastructure and DevOps Slack channel in the world: his Claude Code session executed terraform destroy on production, deleting the entire database — and the automated backups — in one command. 2.5 years of student homework, projects, and course records: gone. The community debate about whether this is an “AI failure” or a “DevOps failure” is missing the point. Both layers failed. The correct response is to fix both layers. ...

A piece in The New Stack this week has been circulating in agentic AI builder communities: the argument that developers working in production are replacing bloated MCP servers with Markdown skill files and seeing dramatic reductions in token costs and system complexity. The article references Brad Feld’s CompanyOS (open-sourced February 2026) — a real-world multi-agent system running 12 skill files alongside 8 MCP servers — as a case study in the two-layer architecture that’s emerging in serious deployments. ...

Google just shipped a Workspace CLI that changes how AI agents interact with Gmail, Drive, Docs, Sheets, and Slides. Instead of OAuth 2.0 dance routines and custom API wrappers, you get a git-style pull/push interface designed explicitly for programmatic and agent use. This tutorial walks you through getting it set up with OpenClaw. What you’ll need: OpenClaw installed and configured (v2026.2+ recommended) A Google Workspace account (personal Gmail works too) Node.js 18+ or Python 3.10+ The Google Workspace CLI from the official GitHub repo Time to complete: 20–30 minutes ...

Cursor just shipped a feature that reframes what a coding AI tool is for. Automations — now rolling out across Cursor accounts — lets you define coding agents that trigger automatically based on events: a new commit, a Slack message, a scheduled timer. You stop prompting. The agents start running. This is the shift from interactive to ambient coding assistance, and it’s a genuinely different paradigm. What Cursor Automations Actually Does Before Automations, Cursor (and every other AI coding tool) was reactive: you opened the editor, asked a question, got a response. Useful, but fundamentally a fancier autocomplete. ...

Google quietly published something very useful on GitHub in early March: gws, a command-line interface for the full Google Workspace API surface. It ships with 100+ pre-built agent skills covering Gmail, Drive, Docs, Calendar, and Chat — and it includes a built-in MCP server that lets AI clients like Claude Desktop, Gemini CLI, and VS Code access your Workspace directly. This is the thing that used to require a custom OAuth flow, API client library setup, and a day of plumbing. Now it’s a CLI install and a config file. ...

OpenAI dropped a significant update on March 5, 2026: GPT-5.4, a model built from the ground up for autonomous agent work. It ships with two things practitioners have been waiting for — native computer-use capabilities and a 1M-token context window in API preview. If you build agents, this changes your architecture options in real ways. What Actually Shipped GPT-5.4 comes in two variants: Standard GPT-5.4 — The default API model with native computer-use support and 1M-token context GPT-5.4 Pro — A higher-performance tier aimed at complex, long-horizon tasks The model is available in ChatGPT, the Codex environment, and the API. Microsoft Foundry integration is also confirmed, meaning enterprise teams using Azure AI Foundry can access it without a separate onboarding. ...

A ZDNET survey of chief data officers finds that 50% of organizations deploying agentic AI cite data quality and retrieval issues as their primary barrier. Executives are responding by increasing data management investment specifically to unblock agent deployments — not as a general data hygiene initiative, but as a direct prerequisite for getting agents into production. If you’re in that 50%, here’s a practical framework for what to actually fix. ...