docs: sentence-case sweep across 10 more pages

- tools/plugin: Package Entrypoints
- tools/code-execution: How To Use It
- tools/browser-linux-troubleshooting: Root Cause, Config Reference
- install/bun: Lifecycle Scripts
- nodes/audio: Mention Detection in Groups
- nodes/images: Inbound Media to Commands (Pi)
- platforms/android: Connection Runbook
- plugins/building-plugins: Beta Release Testing
- web/control-ui: Content Security Policy
- security/THREAT-MODEL-ATLAS: Framework Attribution

docs/install/bun.md

@@ -35,7 +35,7 @@ Bun is an optional local runtime for running TypeScript directly (`bun run ...`,
   </Step>
 </Steps>
 
-## Lifecycle Scripts
+## Lifecycle scripts
 
 Bun blocks dependency lifecycle scripts unless explicitly trusted. For this repo, the commonly blocked scripts are not required:
 

docs/nodes/audio.md

@@ -175,7 +175,7 @@ Provider-based audio transcription honors standard outbound proxy env vars:
 
 If no proxy env vars are set, direct egress is used. If proxy config is malformed, OpenClaw logs a warning and falls back to direct fetch.
 
-## Mention Detection in Groups
+## Mention detection in groups
 
 When `requireMention: true` is set for a group chat, OpenClaw now transcribes audio **before** checking for mentions. This allows voice notes to be processed even when they contain mentions.
 

docs/nodes/images.md

@@ -39,7 +39,7 @@ The WhatsApp channel runs via **Baileys Web**. This document captures the curren
 - When media is present, the web sender resolves local paths or URLs using the same pipeline as `openclaw message send`.
 - Multiple media entries are sent sequentially if provided.
 
-## Inbound Media to Commands (Pi)
+## Inbound media to commands (Pi)
 
 - When inbound web messages include media, OpenClaw downloads to a temp file and exposes templating variables:
   - `{{MediaUrl}}` pseudo-URL for the inbound media.

docs/platforms/android.md

@@ -23,7 +23,7 @@ The Android app has not been publicly released yet. The source code is available
 
 System control (launchd/systemd) lives on the Gateway host. See [Gateway](/gateway).
 
-## Connection Runbook
+## Connection runbook
 
 Android node app ⇄ (mDNS/NSD + WebSocket) ⇄ **Gateway**
 

docs/plugins/building-plugins.md

@@ -288,7 +288,7 @@ surfaces, not as the default pattern for new third-party plugins.
 <Check>Tests pass (`pnpm test -- <bundled-plugin-root>/my-plugin/`)</Check>
 <Check>`pnpm check` passes (in-repo plugins)</Check>
 
-## Beta Release Testing
+## Beta release testing
 
 1. Watch for GitHub release tags on [openclaw/openclaw](https://github.com/openclaw/openclaw/releases) and subscribe via `Watch` > `Releases`. Beta tags look like `v2026.3.N-beta.1`. You can also turn on notifications for the official OpenClaw X account [@openclaw](https://x.com/openclaw) for release announcements.
 2. Test your plugin against the beta tag as soon as it appears. The window before stable is typically only a few hours.

docs/security/THREAT-MODEL-ATLAS.md

@@ -15,7 +15,7 @@ read_when:
 **Methodology:** MITRE ATLAS + Data Flow Diagrams
 **Framework:** [MITRE ATLAS](https://atlas.mitre.org/) (Adversarial Threat Landscape for AI Systems)
 
-### Framework Attribution
+### Framework attribution
 
 This threat model is built on [MITRE ATLAS](https://atlas.mitre.org/), the industry-standard framework for documenting adversarial threats to AI/ML systems. ATLAS is maintained by [MITRE](https://www.mitre.org/) in collaboration with the AI security community.
 

docs/tools/browser-linux-troubleshooting.md

@@ -12,7 +12,7 @@ OpenClaw's browser control server fails to launch Chrome/Brave/Edge/Chromium wit
 {"error":"Error: Failed to start Chrome CDP on port 18800 for profile \"openclaw\"."}
 ```
 
-### Root Cause
+### Root cause
 
 On Ubuntu (and many Linux distros), the default Chromium installation is a **snap package**. Snap's AppArmor confinement interferes with how OpenClaw spawns and monitors the browser process.
 
@@ -123,7 +123,7 @@ curl -s -X POST http://127.0.0.1:18791/start
 curl -s http://127.0.0.1:18791/tabs
 ```
 
-### Config Reference
+### Config reference
 
 | Option                           | Description                                                          | Default                                                     |
 | -------------------------------- | -------------------------------------------------------------------- | ----------------------------------------------------------- |

docs/tools/code-execution.md

@@ -55,7 +55,7 @@ Example:
 }
 ```
 
-## How To Use It
+## How to use it
 
 Ask naturally and make the analysis intent explicit:
 

docs/tools/plugin.md

@@ -90,7 +90,7 @@ Both show up under `openclaw plugins list`. See [Plugin Bundles](/plugins/bundle
 If you are writing a native plugin, start with [Building Plugins](/plugins/building-plugins)
 and the [Plugin SDK Overview](/plugins/sdk-overview).
 
-## Package Entrypoints
+## Package entrypoints
 
 Native plugin npm packages must declare `openclaw.extensions` in `package.json`.
 Each entry must stay inside the package directory and resolve to a readable

docs/web/control-ui.md

@@ -321,7 +321,7 @@ Documented exceptions:
 
 See [Tailscale](/gateway/tailscale) for HTTPS setup guidance.
 
-## Content Security Policy
+## Content security policy
 
 The Control UI ships with a tight `img-src` policy: only **same-origin** assets, `data:` URLs, and locally generated `blob:` URLs are allowed. Remote `http(s)` and protocol-relative image URLs are rejected by the browser and do not issue network fetches.