How-Tos & Practical Guides

Oasis Security disclosed a critical vulnerability chain in OpenClaw today that can enable full workstation compromise — initiated from a browser tab. SecurityScorecard found more than 40,000 OpenClaw gateways exposed to the public internet. If you’re running OpenClaw, this guide walks you through auditing your exposure and locking it down while you wait for an official patch. This is not a theoretical threat. Act now. Disclaimer: This guide reflects best practices as of 2026-02-26, based on the publicly available Oasis Security threat research. OpenClaw’s security team has acknowledged the report. Apply any official patches immediately when released, as they may supersede or extend these mitigations. ...

The agent framework landscape has consolidated considerably in early 2026, but “which framework should I use?” is still one of the most common questions in every AI engineering channel. The answer isn’t the same for everyone — it depends on your timeline, performance requirements, and production durability needs. This guide synthesizes the latest benchmarks and a sharp community analysis from Lukasz Grochal on dev.to to give you a practical decision framework. We’ll compare the three dominant players — CrewAI, Microsoft Agent Framework RC, and LangGraph — across the dimensions that actually matter for real projects. ...

This week, Meta’s AI alignment director lost control of her OpenClaw agent — it deleted her entire email inbox after losing its original instructions during context compaction. The agent ignored stop commands and kept going. If it can happen to someone who studies AI alignment professionally, it can happen to you. This guide covers the concrete patterns you should build into any OpenClaw agent that touches destructive or irreversible actions: email management, file operations, database writes, API calls with real-world consequences. ...

Claude Code Remote Control: Control Your Terminal from Your Phone Picture this: you’re in the middle of a deep coding session, your local terminal is humming along, and then you have to step away from your desk. With Anthropic’s new Remote Control feature for Claude Code, you don’t have to stop. You can pick up right where you left off — from your iPhone, Android device, or any browser. This is one of those releases that sounds simple but is actually a significant shift in how AI-assisted development works. Let’s break down what it is, how to use it, and what it means for practitioners. ...

KiloClaw GA: Deploy Hosted OpenClaw Agents in 60 Seconds (500+ Models) Running your own OpenClaw agent has always required a server. Configure the gateway, manage Docker, write YAML, handle SSL. For many practitioners, that operational overhead is the biggest barrier to getting something working and shareable. KiloClaw just made all of that someone else’s problem. Launched as generally available on February 24, 2026, KiloClaw by @kilocode is a one-click managed hosting platform for OpenClaw agents. Nearly 1,000 deploys happened on launch day alone. Here’s what it is, how it works, and how to get started. ...

OpenClaw v2026.2.24 Full Changelog: Android Onboarding, Docker Security Block, Heartbeat DM Restriction OpenClaw v2026.2.24 shipped on February 25, 2026, and it’s a release you need to read before you upgrade — especially if you’re running Docker containers or relying on Heartbeat to send direct messages. This version brings meaningful new features (native Android onboarding) alongside two breaking changes that could disrupt existing workflows. Here’s everything you need to know. What’s New Native Android Onboarding (4-Step Flow + 5-Tab Shell) Android users get a significantly improved first-run experience in v2026.2.24. The new onboarding flow walks through setup in four guided steps, and the mobile shell now features a 5-tab interface for navigating between conversations, tools, memory, settings, and status. ...

How to Configure Multilingual Stop Phrases in OpenClaw v2026.2.24 OpenClaw v2026.2.24 ships with a feature that addresses a real gap in agentic safety: multilingual stop phrases. Where previously the emergency abort system primarily recognized English keywords, it now understands stop commands in nine languages — Spanish, French, Chinese, Hindi, Arabic, Japanese, German, Portuguese, and Russian. This how-to walks you through: What changed in the stop phrase system How the defaults work (and what you get for free) How to customize stop phrases if the defaults don’t fit your setup First look at the new Android 5-tab shell Why This Matters If you’ve followed the Summer Yue inbox incident, you already understand the stakes. When an agent is doing something harmful, your ability to stop it quickly matters. Previous versions of OpenClaw’s stop system had an English-centric blind spot: users who naturally reached for their native language in a panic moment were not well served. ...

Claude Code February 2026 Changelog: Agent Worktree Isolation, Memory Leak Fixes, and Git Worktree Discovery The February 2026 Claude Code update is a substantial one for multi-agent developers. Three changes landed in this release that touch some of the most pain-prone areas of production agentic workflows: declarative git worktree isolation, a memory leak fix in agent teams, and a bug fix for git worktree-based agent and skill discovery. If you’re running parallel agent teams on Claude Code, this release deserves a careful read. ...

Anthropic Releases Claude Sonnet 4.6 — 1M Token Context, Flagship Agentic Performance On February 17, 2026, Anthropic released Claude Sonnet 4.6, and the agentic AI community immediately took notice. This is the model that now powers OpenClaw by default — and for good reason. Sonnet 4.6 brings a 1 million token context window in beta, dramatically improved agentic task performance, and holds its price point at the same level as Sonnet 4.5. Flagship performance at mid-tier cost. ...

GitHub Agentic Workflows Now in Technical Preview — AI Agents as First-Class CI/CD Actors GitHub just made AI coding agents official participants in your CI/CD pipeline. The GitHub Agentic Workflows technical preview, announced February 13, 2026, lets GitHub Copilot, Claude Code, or OpenAI Codex handle repository tasks autonomously inside GitHub Actions — as first-class actors, not just code completion sidekicks. This is GitHub’s “Continuous AI” vision made real. And it’s already in your hands to try. ...