OpenClaw v2026.3.8: Backup CLI, ACP Provenance, and 12+ Security Patches

OpenClaw v2026.3.8 shipped on March 8 with contributions from 43 developers. Its a reliability and hardening release. Not flashy, but the kind that matters most in production. Backup CLI New openclaw backup create and openclaw backup verify commands let self-hosters archive their agent state locally. Grab everything or use --only-config for a config-only snapshot. ACP Provenance Think of it as caller ID for agent-to-agent communication. When another agent or system talks to yours, ACP provenance metadata lets your agent verify who initiated the conversation. Three modes: --provenance off , meta , or meta+receipt . Most individual users wont touch this directly. But for multi-agent setups, this reduces spoofed identities in agent workflows. Spoofed agent identities are how multi-agent pipelines get poisoned with bad data or unauthorized instructions. 12+ Security Patches SSRF protections, script execution sandboxing, and download-tool pinning. The kind of stuff you want your infrastruct