feat(kiloclaw): bump openclaw to version 2026.3.13 #1097

Merged
pandemicsyn merged 3 commits into main from bump-openclaw-2026.3.13
Mar 16, 2026

kilo-code-bot bot commented Mar 14, 2026

Summary

Bumps the pinned openclaw version in kiloclaw/Dockerfile from 2026.3.8 to 2026.3.13.

Verification

  • Verified current version in Dockerfile was 2026.3.8 (older than target 2026.3.13).
  • Reviewed release notes for v2026.3.13.
  • Single-line change; no other files modified.

Visual Changes

N/A

Reviewer Notes

Potentially impactful changes from v2026.3.13 release notes

Security fixes (high priority — review carefully):

  • iMessage/remote attachments: Unsafe remote attachment paths are now rejected before spawning SCP to prevent shell metacharacter injection. Low direct risk for our deployment (we don't use iMessage), but signals a security hardening pass.
  • Telegram/webhook auth: Webhook secret is now validated before reading/parsing request bodies. If we use Telegram channels, this is a positive hardening change with no expected regression.
  • Telegram/media errors: Telegram file URLs are now redacted before logging to avoid leaking bot tokens. Good hygiene change.
  • Security/device pairing: Bootstrap setup codes are now single-use. If any automated provisioning or testing flow relies on replaying setup codes, it will break.
  • Security/external content: Zero-width and soft-hyphen marker-splitting characters are now stripped during boundary sanitization. Unlikely to affect our deployment but worth noting.
  • Security/exec approvals: Multiple exec approval hardening changes (Perl -M/-I, PowerShell -File/-f, env wrappers, pnpm forms, backslash-newline continuation, macOS skill auto-allow). If any configured agent skills or allowlists rely on the previous (more permissive) approval resolution, those may now require explicit trust path updates in config.

Gateway / Control UI changes:

  • Gateway/client requests: Stalled GatewayClient.request() promises now time out and are cleaned up. This is a fix for connection leaks — generally beneficial, but any client logic that relied on indefinitely-pending requests (unlikely) would be affected.
  • Gateway/session reset: lastAccountId and lastThreadId are preserved across /reset. Positive change; replies should continue routing correctly after resets.
  • Control UI/insecure auth: Shared token and password auth is now preserved on plain-HTTP Control UI connects. Relevant if any LAN or reverse-proxy sessions use plain HTTP — should be a fix, not a regression.

Docker-specific:

  • Docker/timezone override: New OPENCLAW_TZ env var available. Not a breaking change; opt-in. We can adopt it via start-openclaw.sh or machine env vars if timezone consistency matters.

Dependency bump:

  • @mariozechner/pi-* packages bumped to 0.58.0. Monitor for any behavioral changes in pi-based agent runs.
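
An added example, not part of this PR or of openclaw's code, showing the kind of log redaction the Telegram/media errors note above describes. The function names, the fake token and the sample error are constructed for illustration; the only assumption about Telegram is its documented URL layout, where the bot token sits in the path after `bot`.

```javascript
// Added illustration, not openclaw's implementation.
// Telegram Bot API URLs carry the bot token in the path:
//   https://api.telegram.org/bot<token>/<method>
//   https://api.telegram.org/file/bot<token>/<file_path>
// Match on that URL structure rather than on a guessed token format.
const TELEGRAM_TOKEN_IN_URL =
  /(https?:\/\/api\.telegram\.org\/(?:file\/)?bot)[^\/\s"'?#]+/gi;

// Replace the token segment of every Telegram API URL found in `text`.
function redactTelegramUrls(text) {
  return String(text).replace(TELEGRAM_TOKEN_IN_URL, '$1<redacted>');
}

// Build a log-safe description of an error, following `cause` chains:
// download failures often wrap the URL-bearing error one level down,
// so redacting only the top-level message would still leak the token.
function describeErrorForLog(err, depth = 0) {
  if (err == null || depth > 5) return '';
  const own = redactTelegramUrls(
    err instanceof Error ? `${err.name}: ${err.message}` : err
  );
  const cause =
    err instanceof Error && err.cause
      ? describeErrorForLog(err.cause, depth + 1)
      : '';
  return cause ? `${own} <- ${cause}` : own;
}

// Constructed sample input: the token below is fake.
const FAKE_TOKEN = '123456789:AAExampleExampleExampleExampleExampl';
const sampleError = new Error('media download failed', {
  cause: new Error(
    `GET https://api.telegram.org/file/bot${FAKE_TOKEN}/photos/file_1.jpg returned 404`
  ),
});

console.log(describeErrorForLog(sampleError));
```

Route every error through the log-safe formatter at the logging boundary rather than at individual call sites, so a new code path that builds a file URL cannot bypass it.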

kilo-code-bot bot commented Mar 14, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (2 files)
  • kiloclaw/Dockerfile
  • src/app/(app)/claw/components/changelog-data.ts

Reviewed by gpt-5.4-20260305 · 80,570 tokens

# Conflicts:
#	kiloclaw/Dockerfile
#	src/app/(app)/claw/components/changelog-data.ts
pandemicsyn force-pushed the bump-openclaw-2026.3.13 branch from a708283 to 623a882 on March 16, 2026 22:15
pandemicsyn enabled auto-merge on March 16, 2026 22:17
pandemicsyn merged commit bc995ad into main on Mar 16, 2026
18 checks passed
pandemicsyn deleted the bump-openclaw-2026.3.13 branch on March 16, 2026 22:20