diff --git a/docs/install/bun.md b/docs/install/bun.md
index dd30766f879..e76eb0d10f0 100644
--- a/docs/install/bun.md
+++ b/docs/install/bun.md
@@ -35,7 +35,7 @@ Bun is an optional local runtime for running TypeScript directly (`bun run ...`,
-## Lifecycle Scripts
+## Lifecycle scripts
Bun blocks dependency lifecycle scripts unless explicitly trusted. For this repo, the commonly blocked scripts are not required:
diff --git a/docs/nodes/audio.md b/docs/nodes/audio.md
index a80db6fad4f..1ca7df257d5 100644
--- a/docs/nodes/audio.md
+++ b/docs/nodes/audio.md
@@ -175,7 +175,7 @@ Provider-based audio transcription honors standard outbound proxy env vars:
If no proxy env vars are set, direct egress is used. If proxy config is malformed, OpenClaw logs a warning and falls back to direct fetch.
-## Mention Detection in Groups
+## Mention detection in groups
When `requireMention: true` is set for a group chat, OpenClaw now transcribes audio **before** checking for mentions. This allows voice notes to be processed even when they contain mentions.
diff --git a/docs/nodes/images.md b/docs/nodes/images.md
index dfa7633211c..49111305d7e 100644
--- a/docs/nodes/images.md
+++ b/docs/nodes/images.md
@@ -39,7 +39,7 @@ The WhatsApp channel runs via **Baileys Web**. This document captures the curren
- When media is present, the web sender resolves local paths or URLs using the same pipeline as `openclaw message send`.
- Multiple media entries are sent sequentially if provided.
-## Inbound Media to Commands (Pi)
+## Inbound media to commands (Pi)
- When inbound web messages include media, OpenClaw downloads to a temp file and exposes templating variables:
- `{{MediaUrl}}` pseudo-URL for the inbound media.
diff --git a/docs/platforms/android.md b/docs/platforms/android.md
index 65a10c87616..9f008e4f04b 100644
--- a/docs/platforms/android.md
+++ b/docs/platforms/android.md
@@ -23,7 +23,7 @@ The Android app has not been publicly released yet. The source code is available
System control (launchd/systemd) lives on the Gateway host. See [Gateway](/gateway).
-## Connection Runbook
+## Connection runbook
Android node app ⇄ (mDNS/NSD + WebSocket) ⇄ **Gateway**
diff --git a/docs/plugins/building-plugins.md b/docs/plugins/building-plugins.md
index 3005862619c..ff9d4914d02 100644
--- a/docs/plugins/building-plugins.md
+++ b/docs/plugins/building-plugins.md
@@ -288,7 +288,7 @@ surfaces, not as the default pattern for new third-party plugins.
Tests pass (`pnpm test -- /my-plugin/`)
`pnpm check` passes (in-repo plugins)
-## Beta Release Testing
+## Beta release testing
1. Watch for GitHub release tags on [openclaw/openclaw](https://github.com/openclaw/openclaw/releases) and subscribe via `Watch` > `Releases`. Beta tags look like `v2026.3.N-beta.1`. You can also turn on notifications for the official OpenClaw X account [@openclaw](https://x.com/openclaw) for release announcements.
2. Test your plugin against the beta tag as soon as it appears. The window before stable is typically only a few hours.
diff --git a/docs/security/THREAT-MODEL-ATLAS.md b/docs/security/THREAT-MODEL-ATLAS.md
index b73bbed9313..c34f481caa8 100644
--- a/docs/security/THREAT-MODEL-ATLAS.md
+++ b/docs/security/THREAT-MODEL-ATLAS.md
@@ -15,7 +15,7 @@ read_when:
**Methodology:** MITRE ATLAS + Data Flow Diagrams
**Framework:** [MITRE ATLAS](https://atlas.mitre.org/) (Adversarial Threat Landscape for AI Systems)
-### Framework Attribution
+### Framework attribution
This threat model is built on [MITRE ATLAS](https://atlas.mitre.org/), the industry-standard framework for documenting adversarial threats to AI/ML systems. ATLAS is maintained by [MITRE](https://www.mitre.org/) in collaboration with the AI security community.
diff --git a/docs/tools/browser-linux-troubleshooting.md b/docs/tools/browser-linux-troubleshooting.md
index 16af61fad96..4c4e288a551 100644
--- a/docs/tools/browser-linux-troubleshooting.md
+++ b/docs/tools/browser-linux-troubleshooting.md
@@ -12,7 +12,7 @@ OpenClaw's browser control server fails to launch Chrome/Brave/Edge/Chromium wit
{"error":"Error: Failed to start Chrome CDP on port 18800 for profile \"openclaw\"."}
```
-### Root Cause
+### Root cause
On Ubuntu (and many Linux distros), the default Chromium installation is a **snap package**. Snap's AppArmor confinement interferes with how OpenClaw spawns and monitors the browser process.
@@ -123,7 +123,7 @@ curl -s -X POST http://127.0.0.1:18791/start
curl -s http://127.0.0.1:18791/tabs
```
-### Config Reference
+### Config reference
| Option | Description | Default |
| -------------------------------- | -------------------------------------------------------------------- | ----------------------------------------------------------- |
diff --git a/docs/tools/code-execution.md b/docs/tools/code-execution.md
index a3b33bb7812..efc8db68aa9 100644
--- a/docs/tools/code-execution.md
+++ b/docs/tools/code-execution.md
@@ -55,7 +55,7 @@ Example:
}
```
-## How To Use It
+## How to use it
Ask naturally and make the analysis intent explicit:
diff --git a/docs/tools/plugin.md b/docs/tools/plugin.md
index 40dc4378d76..f3ac362fd12 100644
--- a/docs/tools/plugin.md
+++ b/docs/tools/plugin.md
@@ -90,7 +90,7 @@ Both show up under `openclaw plugins list`. See [Plugin Bundles](/plugins/bundle
If you are writing a native plugin, start with [Building Plugins](/plugins/building-plugins)
and the [Plugin SDK Overview](/plugins/sdk-overview).
-## Package Entrypoints
+## Package entrypoints
Native plugin npm packages must declare `openclaw.extensions` in `package.json`.
Each entry must stay inside the package directory and resolve to a readable
diff --git a/docs/web/control-ui.md b/docs/web/control-ui.md
index 2964d318c34..5032f8d763d 100644
--- a/docs/web/control-ui.md
+++ b/docs/web/control-ui.md
@@ -321,7 +321,7 @@ Documented exceptions:
See [Tailscale](/gateway/tailscale) for HTTPS setup guidance.
-## Content Security Policy
+## Content security policy
The Control UI ships with a tight `img-src` policy: only **same-origin** assets, `data:` URLs, and locally generated `blob:` URLs are allowed. Remote `http(s)` and protocol-relative image URLs are rejected by the browser and do not issue network fetches.