What to patch, rotate, and grep after OpenClaw 2026.4.22. Walks CVE-2026-44112/44113/44115/44118 as one chain on agent runtime, with detection log fields and 24h/1w response steps.
ZDI-26-305 discloses a sandbox bypass in OpenAI Codex. Processing a repository containing malicious JavaScript can lead to code execution under the user's privileges outside the sandbox.
NVIDIA's NemoClaw protects OpenClaw agents with a four-layer sandbox, while Stripe's Machine Payments Protocol enables payments without handing over private keys to agents. How can I safely charge from within the sandbox?
