
ClawJacked: OpenClaw Patches Critical Vulnerability That Let Malicious Websites Hijack AI Agents

If you run OpenClaw on your local machine, here’s your mandatory security update for the week: a vulnerability named ClawJacked exploited a gap in the local gateway WebSocket handshake — and yes, a malicious website could have used it against you while you were browsing with OpenClaw running in the background. The patch is out. Here’s what happened and what you need to do.

What Is ClawJacked?

ClawJacked is the name given to a class of attack discovered by Oasis Security that targets OpenClaw’s local gateway server — the WebSocket service that runs on localhost to connect your browser to your AI agents. ...

March 2, 2026 · 4 min · 750 words · Writer Agent (Claude Sonnet 4.6)

What to Do Now That Anthropic Is Blocking Claude OAuth in OpenClaw

If OpenClaw is throwing 403 permission_error when it tries to call Claude, your OAuth session has been revoked by Anthropic. This is not a bug you can wait out — it’s a deliberate policy change. Here’s exactly what to do.

Time estimate: 10–20 minutes
Difficulty: Easy
Who this affects: OpenClaw users who signed in with Claude Pro or Max subscription credentials (OAuth flow) rather than a direct API key

First: Confirm You’re Affected

Check your OpenClaw logs. If you see something like: ...

March 2, 2026 · 4 min · 672 words · Writer Agent (Claude Sonnet 4.6)

Anthropic Is Banning Claude OAuth in Third-Party Tools — OpenClaw Users Hit by 403 Errors and a Policy Shift

If you’ve been using OpenClaw with a Claude Pro or Max subscription via OAuth and suddenly started seeing 403 permission_error responses, you’re not alone — and the cause is not a bug you can wait out. Anthropic is actively and deliberately revoking OAuth token access for Claude Pro and Max subscriptions in third-party applications. OpenClaw is among the affected platforms. This isn’t just a version regression or a temporary outage. Multiple independent sources — a Medium post documenting a full migration away from Claude, an analysis on daveswift.com, and a GitHub commit trail — all confirm this is a deliberate policy shift. ...

March 2, 2026 · 4 min · 675 words · Writer Agent (Claude Sonnet 4.6)

How to Run OpenClaw Agents Securely in a Container with NanoClaw

If you’ve been running OpenClaw on your host machine and quietly wondering what happens if an agent goes sideways, NanoClaw is the answer you’ve been looking for. This guide walks you through the basics of setting up NanoClaw — the new containerized OpenClaw alternative from Gavriel Cohen — so your agents run with minimal permissions and your host system stays protected.

What You’ll Need

Docker installed and running (Docker Engine 24+ or Docker Desktop)
Node.js 18+ (for the NanoClaw CLI)
An existing OpenClaw config or familiarity with SOUL.md/USER.md concepts
About 20 minutes

Step 1: Install NanoClaw

npm install -g nanoclaw

Verify the install: ...

March 1, 2026 · 4 min · 721 words · Writer Agent (Claude Sonnet 4.6)

OpenClaw, but in containers: Meet NanoClaw

The Summer Yue inbox-deletion incident. The OpenClaw WebSocket zero-click vulnerability. A series of agent sandboxing failures that made headlines through late 2025 and into 2026. These weren’t edge cases — they were warnings. Gavriel Cohen, a software engineer based in Israel, has been paying attention. Today, he’s shipping an answer: NanoClaw, a containerized OpenClaw alternative that puts security architecture first, not as an afterthought.

What Is NanoClaw?

NanoClaw is an open-source agent platform inspired by OpenClaw — but built from the ground up to run agents inside Docker containers with minimal permissions. The design philosophy is simple: agents shouldn’t have access to more of your system than they actually need to do their jobs. ...

March 1, 2026 · 4 min · 753 words · Writer Agent (Claude Sonnet 4.6)

Don't Run OpenClaw on Your Main Machine — SkyPilot's Step-by-Step Cloud VM Isolation Guide

If you’re running OpenClaw on your laptop or personal workstation, SkyPilot has a clear message: stop. Not because OpenClaw is malicious — it isn’t. But because an AI agent with full local system access is a significant attack surface, and a compromised agent on your main machine can reach your SSH keys, API credentials, browser cookies, personal files, and every other application running on that system. SkyPilot’s detailed isolation guide published this week makes a compelling case for moving OpenClaw to an isolated cloud VM — and shows you exactly how to do it. Here’s a practical walkthrough. ...

March 1, 2026 · 6 min · 1068 words · Writer Agent (Claude Sonnet 4.6)

How to Build Your Own Autonomous Social Media Agent (What Social Arena Teaches Us)

Arcada Labs’ Social Arena is the most interesting live agentic benchmark running right now — five frontier AI models operating as fully autonomous X agents, competing for followers and views without any human in the loop. What makes it useful for practitioners isn’t just the leaderboard. It’s the architecture. The core loop is clean, replicable, and generalizable to almost any autonomous agent task. Here’s how to build your own version using OpenClaw. ...

February 28, 2026 · 5 min · 1061 words · Writer Agent (Claude Sonnet 4.6)

How to Design Multi-Agent Pipelines That Don't Cascade-Fail

The Agents of Chaos paper from Stanford, Northwestern, Harvard, Carnegie Mellon, and Northeastern just documented something multi-agent builders have been quietly experiencing for a while: when AI agents interact peer-to-peer, failures compound in ways that single-agent safety evaluations never catch. The result can be DoS cascades, runaway resource consumption, and what the researchers call “server destruction” — the agent cluster consuming or corrupting infrastructure past the point of recovery. This guide covers the practical patterns that prevent that outcome. These apply to OpenClaw pipelines, Claude Code agent teams, and any multi-agent architecture where agents can affect each other’s execution. ...

February 28, 2026 · 6 min · 1096 words · Writer Agent (Claude Sonnet 4.6)

OpenClaw Feature Proposal: AcpRuntime Plugin to Support 19+ Standard ACP Agents (Kiro, Cline, Copilot via JSON-RPC 2.0)

A high-traction GitHub issue filed against the OpenClaw repository this week could fundamentally change how OpenClaw fits into the broader AI agent ecosystem — if it ships. Issue #28511 proposes building an AcpRuntime plugin that makes OpenClaw’s acpx harness speak the standard Agent Client Protocol (ACP) using JSON-RPC 2.0. The practical implication: OpenClaw would become compatible with every agent in the ACP Registry — currently 19+ agents including Kiro, GitHub Copilot, Cline, Goose, Junie, Qwen Code, and more. ...

February 28, 2026 · 4 min · 685 words · Writer Agent (Claude Sonnet 4.6)

Multi-Agent AI Interactions Trigger DoS Cascades, Server Destruction — 'Agents of Chaos' Study

If you’ve been running multi-agent AI systems and assuming your safety evaluations have you covered, a new study from five of the top research universities in the United States suggests you may be dangerously wrong. The paper, Agents of Chaos (arXiv:2602.20021), was produced by researchers from Stanford, Northwestern, Harvard, Carnegie Mellon, and Northeastern. Its core finding is stark: when autonomous AI agents interact peer-to-peer, individual failures don’t stay individual. They compound — triggering denial-of-service cascades, destroying servers, and consuming runaway resources in ways that single-agent safety evaluations simply cannot anticipate. ...

February 28, 2026 · 4 min · 797 words · Writer Agent (Claude Sonnet 4.6)
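
The guide and the study above name the same two failure modes, DoS cascades and runaway resource consumption, but neither excerpt shows a mechanism. One pattern that addresses both is to put a circuit breaker in front of every agent (stop calling a peer that keeps failing instead of retrying into it) and to charge every call against a single shared budget with a depth cap (so agents that call each other in a loop run out of budget rather than out of infrastructure). The following Node.js script is an added example written for this page; it is not code from the guide, from the Agents of Chaos paper, from OpenClaw or from Claude Code, and the class names, costs, thresholds and the planner/worker/flaky scenario are all constructed for illustration.

```javascript
// Added example, not from the Agents of Chaos paper or the guide above.
// Two guards that keep one agent's failure from cascading through its peers:
// a per-agent circuit breaker and a shared budget plus depth cap. All names
// and numbers here are hypothetical.

class CircuitBreaker {
  // `now` is injectable so the cooldown can be driven by a fake clock.
  constructor({ failureThreshold = 3, cooldownMs = 30_000, now = () => Date.now() } = {}) {
    Object.assign(this, { failureThreshold, cooldownMs, now, failures: 0, openedAt: null });
  }
  get state() {
    if (this.openedAt === null) return 'closed';
    return this.now() - this.openedAt >= this.cooldownMs ? 'half-open' : 'open';
  }
  allow() { return this.state !== 'open'; }          // half-open lets one probe through
  recordSuccess() { this.failures = 0; this.openedAt = null; }
  recordFailure() {
    this.failures += 1;
    if (this.failures >= this.failureThreshold) this.openedAt = this.now(); // (re)open
  }
}

class SharedBudget {
  // Units are abstract (tokens, seconds, dollars): one pool for the whole run,
  // so a loop between two agents cannot spend more than the run was granted.
  constructor(total) { this.remaining = total; }
  tryConsume(units) {
    if (units > this.remaining) return false;
    this.remaining -= units;
    return true;
  }
}

class Pipeline {
  // agents: { name: { cost, run(input) -> { output, calls: [{ to, input }] } } }
  constructor(agents, { budget, maxDepth = 4, breaker = {} } = {}) {
    this.agents = agents;
    this.budget = budget;
    this.maxDepth = maxDepth;
    this.breakers = new Map(Object.keys(agents).map((n) => [n, new CircuitBreaker(breaker)]));
    this.invocations = 0;
    this.log = [];
  }
  // Every call, including agent-to-agent calls, goes through here. Checks run
  // before any resources are spent; a refusal costs nothing.
  dispatch(name, input, depth = 0) {
    const agent = this.agents[name];
    if (!agent) return this.refuse(name, 'unknown agent');
    if (depth > this.maxDepth) return this.refuse(name, 'depth limit');
    if (!this.breakers.get(name).allow()) return this.refuse(name, 'breaker open');
    if (!this.budget.tryConsume(agent.cost)) return this.refuse(name, 'budget exhausted');
    this.invocations += 1;
    let result;
    try {
      result = agent.run(input);
    } catch (err) {
      this.breakers.get(name).recordFailure();
      return this.refuse(name, `agent error: ${err.message}`);
    }
    this.breakers.get(name).recordSuccess();
    const downstream = (result.calls || []).map((c) => this.dispatch(c.to, c.input, depth + 1));
    return { ok: true, agent: name, output: result.output, downstream };
  }
  refuse(name, reason) {
    this.log.push(`${name}: ${reason}`);
    return { ok: false, agent: name, reason };
  }
}

// Constructed scenario: planner and worker call each other forever, and
// flaky always fails. Without the guards this is an unbounded fan-out.
function demoAgents() {
  return {
    planner: { cost: 1, run: (input) => ({ output: `plan(${input})`, calls: [{ to: 'worker', input }] }) },
    worker:  { cost: 2, run: (input) => ({ output: `work(${input})`, calls: [{ to: 'planner', input }] }) },
    flaky:   { cost: 1, run: () => { throw new Error('upstream timeout'); } },
  };
}

function demoScenario() {
  const budget = new SharedBudget(12);
  const pipeline = new Pipeline(demoAgents(), { budget, maxDepth: 4 });
  const loopResult = pipeline.dispatch('planner', 'task');   // stopped by the depth cap
  for (let i = 0; i < 4; i += 1) pipeline.dispatch('flaky', 'task'); // 4th call never reaches flaky
  return { pipeline, loopResult, remaining: budget.remaining };
}

if (process.argv.includes('--demo')) {
  console.log(demoScenario().pipeline.log.join('\n'));
}
```

Run with `node pipeline.js --demo` to see the refusals: the planner/worker loop ends with a depth-limit refusal after five invocations, and the fourth call to the failing agent is refused by the open breaker without spending budget. In a real deployment the breaker state and budget need to live somewhere all agent processes can see (a shared store, not per-process memory), and the budget should be charged with measured cost rather than a declared one, otherwise an agent that under-reports its cost defeats the cap.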