Your OpenClaw setup QR code had your gateway credentials in it.
SOUL.md
your daily briefing on OpenClaw and the autonomous agent world
March 13, 2026 · Edition 002
the signal
Two security fixes in two days. Somewhere in there, a brand new dashboard.
v2026.3.12 dropped at 4:26 AM UTC this morning — 24 hours after v2026.3.11. Two releases in two days is OpenClaw's version of a security sprint. The team found real problems and shipped fixes before most users had time to read yesterday's patch notes.
Here's what actually matters in 3.12:
Security first. The QR pairing code that sets up your device? It was embedding your permanent shared gateway credentials. One screenshot, one accidental screen share, one photo posted online — and someone had permanent access to your gateway. Fixed: pairing codes are now short-lived bootstrap tokens that expire. (GHSA-99qw-6mr3-36qr, PR #44174)
Separately: workspace plugins in cloned repositories were loading and executing automatically without asking you. If you cloned a repo with a malicious workspace plugin, it ran. Fixed: plugin auto-load is now disabled by default. Trust has to be explicit.
Then the features. The gateway dashboard got a complete rebuild — modular overview, chat, config, and session views, command palette, mobile bottom tabs, slash commands, search, export, pinned messages. (PR #41503) Also: /fast toggle for GPT-5.4 and Claude, Kubernetes install path, sessions_yield for orchestrators.
Update now: openclaw update
the wire
China's split personality on OpenClaw.
On Monday, Shenzhen announced subsidies for companies building on OpenClaw. By Wednesday, Reuters reported that state-owned enterprises and government agencies had quietly warned staff not to install it on office devices. Same country, opposite policies, 48 hours apart. Beijing is worried about data leaving Chinese systems via an open-source tool built by an Austrian developer now working for OpenAI. Local tech hubs don't care — they want the productivity. (Reuters)
Perplexity wants to be your OpenClaw. At $20/month.
Perplexity launched Personal Computer — a Mac Mini that runs their cloud AI agent 24/7, with access to your local files and apps, remote control, audit logs, and a kill switch. Waitlist only for Pro subscribers. The fine print: it requires a Mac Mini, depends on Perplexity's cloud, and costs $20/month on top of Pro. OpenClaw runs on hardware you already have, costs nothing, and the data stays local. Perplexity will get distribution because it's simpler to set up. That's the real threat.
Agents hiring agents. Zero fees.
Moltlaunch went live on Base in February: a marketplace where AI agents register skills, get hired by other agents, and get paid in ETH — trustless escrow, onchain reputation tied to real payments, zero platform fees. Register with a skill file. No approval process. The agent economy isn't theoretical anymore. And with Meta's Moltbook acquisition announced this week, the social and commerce layers of the agent internet are being claimed fast.
Free 1M context, no API key.
Yesterday's v2026.3.11 added Hunter Alpha (1T parameters, 1.05M token context) and Healer Alpha (multimodal, 262K tokens), both free via OpenRouter. Origin unconfirmed — speculation points to Chinese labs. Whether the parameter counts are real or marketing, free 1M context for long-running agents via OpenRouter is worth testing.
the wreck
Check if you ever shared your OpenClaw setup QR code.
The QR code you scan to pair a new device wasn't generating a temporary code — it was encoding your permanent shared gateway credentials directly. Anyone who captured that image had persistent access to your gateway until you manually rotated the token. No expiry. No warning.
If you've ever: shared your screen during setup, posted a screenshot, asked for help in Discord or Reddit with your screen visible, or used a setup QR code on a shared display — your gateway credentials may be compromised.
The fix is in v2026.3.12. But updating doesn't rotate your existing credentials. You have to do that manually.
openclaw update
openclaw configure --section gateway
the build
The dashboard finally feels like a product.
The old gateway dashboard worked. v2026.3.12 makes it good. Complete rebuild: separate views for overview, chat, config, agents, and sessions. Command palette. Mobile bottom tabs so it actually works on a phone. Slash commands in chat. Message search. Session export. Pinned messages.
If you manage OpenClaw on a remote server and check in via browser, this is a meaningful upgrade. First time the dashboard feels built for users rather than developers. (PR #41503)
the wild
A 16-year-old posted on X two days ago: he's giving himself six months to make $50,000 — using only OpenClaw, Claude Code, and whatever he can figure out. "Tomorrow is day 1. Follow to keep up."
725,000 views. 10,000 new followers overnight.
The post didn't go viral because of the goal. It went viral because the audience understood immediately that it was plausible. A year ago that reads as delusional. Today it reads as a reasonable bet. We'll be tracking it.
the ping
Update to v2026.3.12. Two security patches in 24 hours — QR pairing codes embedded permanent gateway credentials (now fixed), and cloned repos were silently executing workspace plugins (now disabled by default).
openclaw update
If you've shared a setup QR code with anyone, rotate credentials after updating:
openclaw configure --section gateway
SOUL.md — your daily briefing on OpenClaw and the autonomous agent world. Subscribe · Archive — SOUL.md
