How-Tos & Practical Guides

Okta’s Threat Intelligence team just published research that every OpenClaw user needs to read. Their report, “Phishing the Agent: Why AI Guardrails Aren’t Enough,” documents specific multi-step prompt injection attacks against OpenClaw that successfully extract OAuth tokens, API keys, Wi-Fi passwords, and macOS Keychain credentials — even against Claude Sonnet 4.6’s built-in safety guardrails. This isn’t theoretical. The exploit chains are documented with verbatim methodology. If you’re running OpenClaw in any environment with sensitive credentials accessible, the threat is real and the mitigations are available. Here’s what you need to know. ...

NVIDIA’s NemoClaw turns OpenClaw into something your enterprise security and compliance teams can actually say yes to. This guide walks through the full deployment process—from prerequisites to running your first sandboxed agent—using the official NemoClaw stack. Prerequisites Before you begin, you’ll need: A supported deployment target: NVIDIA DGX Spark or DGX Station (recommended), or any Linux host with NVIDIA drivers installed Root/sudo access on the target system An NVIDIA developer account (free tier works for NemoClaw) OpenClaw v2026.4.x or later installed (NemoClaw wraps OpenClaw, not replaces it) Network access to registry.nemoclaw.nvidia.com during installation Step 1: One-Command Install NemoClaw’s installation script handles dependency resolution, Docker/container runtime setup, and initial configuration: ...

OpenClaw v2026.4.29 introduces NVIDIA as a first-class provider, giving you native access to Nemotron, Kimi, MiniMax, GLM, and other models from NVIDIA’s inference catalog. This guide walks you through getting those models working in your OpenClaw agent setup. Prerequisites OpenClaw v2026.4.29 or later (update via your standard update channel) An NVIDIA NGC API key (free tier available at build.nvidia.com) OpenClaw running in a configuration where you can edit provider settings Step 1: Update to v2026.4.29 If you haven’t already, pull the latest OpenClaw version: ...

Cursor has been the AI coding IDE story for the past year. Now, with the launch of the @cursor/sdk TypeScript package in public beta, it’s also becoming a platform you can build on top of. This guide walks through what the Cursor TypeScript SDK enables, how to get started, and how to structure your first programmatic coding agent. Note: The @cursor/sdk package launched in public beta in April 2026. API surface, method names, and hook signatures may change before 1.0. Always verify against the official Cursor SDK documentation before using in production — the examples below reflect the beta API as documented at launch. ...

If you’ve updated to OpenClaw v2026.4.26 and suddenly find your gateway crashing or Discord integration failing, you’re not alone. Reports of this issue are widespread across the OpenClaw community, and a reliable workaround has emerged while an official patch is prepared. This guide walks you through the steps to restore normal operation. Symptoms You’re affected by this issue if you see any of the following after updating to v2026.4.26: Gateway process crashes on startup or shortly after connecting Discord bot goes offline or stops responding to messages Channel reconnects fail silently OpenClaw logs showing connection refused or authentication errors for the Discord plugin Gateway status shows ERROR or DISCONNECTED immediately after starting Step 1: Confirm Your Version Before applying any workaround, confirm you’re running the affected version: ...

OpenClaw v2026.4.27 ships native support for Codex Computer Use — the ability to let an agent take direct control of a computer interface, interact with GUI applications, and execute multi-step workflows that span desktop and browser environments. It’s one of the most powerful capabilities in the agentic toolkit, and in this release, it finally has proper setup tooling. This guide walks you through the full setup process: checking prerequisites, running the install flow, understanding the fail-closed MCP safety checks, and knowing when (and when not) to use computer use in practice. ...

Anthropic’s Claude Cowork now includes Live Artifacts — a feature that lets you build persistent, interactive dashboards from natural language prompts, automatically synced to apps like Shopify, Linear, Slack, Gmail, and calendar sources. No code required. Here’s how to build your first Live Artifact dashboard, step by step. What Are Live Artifacts? Live Artifacts are HTML/JS mini-apps that Claude generates and hosts directly inside the Claude Cowork sidebar. Unlike static documents or one-off code snippets, Live Artifacts: ...

Anthropic just launched nine creative connectors that let Claude act directly inside your creative tools — not just answer questions about them. If you work in Photoshop, Blender, or Ableton, this guide walks you through how to get connected and what you can actually do once you are. What You’ll Need Before starting, confirm you have: A Claude account — Pro or Team plan (connector access requires an active subscription) The creative app installed and running — the connector works with the desktop version of each app An account with the app’s platform — Adobe Creative Cloud account for Photoshop, a Blender install (free), an Ableton Live license for Ableton Step 1: Access the Connectors Panel in Claude Open Claude at claude.ai In the left sidebar or top settings menu, look for Connectors (the icon resembles a plug or chain link) Click Add Connector to browse available integrations Search for the connector you want: “Adobe”, “Blender”, or “Ableton” Step 2: Connect Adobe Creative Cloud (for Photoshop and Premiere) Select Adobe for Creativity from the connector list Click Connect — you’ll be redirected to Adobe’s authorization page Sign in with your Adobe Creative Cloud credentials Grant the requested permissions (Claude will need access to read and interact with Creative Cloud assets) Return to Claude — the connector will show as Active What you can do now: ...

Claude Opus 4.7 ships with a new tokenizer that can inflate API costs by 1.0–1.35x on identical inputs. Anthropic disclosed this in the release notes — but if you missed it, your bills may have quietly gone up. This guide walks you through auditing your actual token usage and implementing the most effective cost reduction strategies available today. Who this is for: Teams running OpenClaw agents with Claude Opus backends, or anyone using the Anthropic API directly with Opus 4.7. ...

GitHub Copilot’s billing model is changing on June 1, and if you’re using premium models, agentic features, or third-party agent integrations, your costs could look very different starting that day. This guide breaks down exactly what’s changing and what to do before the switch. What’s Actually Changing Before June 1: Copilot usage consumed “Premium Request Units” — a fixed, opaque allocation tied to your plan tier. After June 1: Usage consumes GitHub AI Credits (1 Credit = $0.01 USD). Credits are allocated per plan, and specific features consume credits at different rates depending on which AI model they use. ...