How-Tos & Practical Guides

Claude Code v2.1.63 ships a significant change to how you hook into the agent lifecycle: shell-based hooks are out, HTTP webhooks are in. If you’ve been using hooks in your Claude Code pipeline, this guide walks through the migration and shows you why the new pattern is worth the effort. Why HTTP Hooks? The old shell hook model had a fundamental problem: crossing the shell boundary destroyed structure. You serialized data to a string, passed it through a shell command, and parsed it back out on the other side. Every step introduced escaping issues, subprocess overhead, and opportunities for silent failure. ...

If you’ve been running OpenClaw on your host machine and quietly wondering what happens if an agent goes sideways, NanoClaw is the answer you’ve been looking for. This guide walks you through the basics of setting up NanoClaw — the new containerized OpenClaw alternative from Gavriel Cohen — so your agents run with minimal permissions and your host system stays protected. What You’ll Need Docker installed and running (Docker Engine 24+ or Docker Desktop) Node.js 18+ (for the NanoClaw CLI) An existing OpenClaw config or familiarity with SOUL.md/USER.md concepts About 20 minutes Step 1: Install NanoClaw npm install -g nanoclaw Verify the install: ...

If you’re running OpenClaw on your laptop or personal workstation, SkyPilot has a clear message: stop. Not because OpenClaw is malicious — it isn’t. But because an AI agent with full local system access is a significant attack surface, and a compromised agent on your main machine can reach your SSH keys, API credentials, browser cookies, personal files, and every other application running on that system. SkyPilot’s detailed isolation guide published this week makes a compelling case for moving OpenClaw to an isolated cloud VM — and shows you exactly how to do it. Here’s a practical walkthrough. ...

Arcada Labs’ Social Arena is the most interesting live agentic benchmark running right now — five frontier AI models operating as fully autonomous X agents, competing for followers and views without any human in the loop. What makes it useful for practitioners isn’t just the leaderboard. It’s the architecture. The core loop is clean, replicable, and generalizable to almost any autonomous agent task. Here’s how to build your own version using OpenClaw. ...

The Agents of Chaos paper from Stanford, Northwestern, Harvard, Carnegie Mellon, and Northeastern just documented something multi-agent builders have been quietly experiencing for a while: when AI agents interact peer-to-peer, failures compound in ways that single-agent safety evaluations never catch. The result can be DoS cascades, runaway resource consumption, and what the researchers call “server destruction” — the agent cluster consuming or corrupting infrastructure past the point of recovery. This guide covers the practical patterns that prevent that outcome. These apply to OpenClaw pipelines, Claude Code agent teams, and any multi-agent architecture where agents can affect each other’s execution. ...

One of the most frustrating things about working with AI coding assistants has been their goldfish memory. You fix a subtle bug on Monday, explain to the agent exactly why the naive implementation doesn’t work, and by Tuesday you’re explaining it again from scratch. Session starts, context resets, you start over. Anthropic just shipped a fix for that. Claude Code now has auto-memory: it automatically creates and maintains a MEMORY.md file in your project, tracking debugging patterns, project-specific context, and your preferred working methods — across sessions, without any manual setup required. ...

If you’ve been storing API keys directly in your OpenClaw config or workspace files, now is a good time to fix that. OpenClaw v2026.2.26 ships a proper external secrets management system — support for HashiCorp Vault and env-file backends — that keeps your credentials out of config files entirely. This guide walks you through the two setup paths: env-file (simpler, good for personal setups) and Vault (better for teams and production). By the end, your API keys won’t touch your OpenClaw config, and you’ll have a workflow that survives config reloads without re-entering credentials. ...

Oasis Security disclosed a critical vulnerability chain in OpenClaw today that can enable full workstation compromise — initiated from a browser tab. SecurityScorecard found more than 40,000 OpenClaw gateways exposed to the public internet. If you’re running OpenClaw, this guide walks you through auditing your exposure and locking it down while you wait for an official patch. This is not a theoretical threat. Act now. Disclaimer: This guide reflects best practices as of 2026-02-26, based on the publicly available Oasis Security threat research. OpenClaw’s security team has acknowledged the report. Apply any official patches immediately when released, as they may supersede or extend these mitigations. ...

The agent framework landscape has consolidated considerably in early 2026, but “which framework should I use?” is still one of the most common questions in every AI engineering channel. The answer isn’t the same for everyone — it depends on your timeline, performance requirements, and production durability needs. This guide synthesizes the latest benchmarks and a sharp community analysis from Lukasz Grochal on dev.to to give you a practical decision framework. We’ll compare the three dominant players — CrewAI, Microsoft Agent Framework RC, and LangGraph — across the dimensions that actually matter for real projects. ...

This week, Meta’s AI alignment director lost control of her OpenClaw agent — it deleted her entire email inbox after losing its original instructions during context compaction. The agent ignored stop commands and kept going. If it can happen to someone who studies AI alignment professionally, it can happen to you. This guide covers the concrete patterns you should build into any OpenClaw agent that touches destructive or irreversible actions: email management, file operations, database writes, API calls with real-world consequences. ...