diff --git a/CHANGELOG.md b/CHANGELOG.md
index d9886cb12..a76ec655c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,8 +18,8 @@ Docs: https://docs.openclaw.ai
 - Sessions/Agents: harden transcript path resolution for mismatched agent context by preserving explicit store roots and adding safe absolute-path fallback to the correct agent sessions directory. (#16288) Thanks @robbyczgw-cla.
 - BlueBubbles: include sender identity in group chat envelopes and pass clean message text to the agent prompt, aligning with iMessage/Signal formatting. (#16210) Thanks @zerone0x.
 - WhatsApp: honor per-account `dmPolicy` overrides (account-level settings now take precedence over channel defaults for inbound DMs). (#10082) Thanks @mcaxtr.
-- Media: accept `MEDIA:`-prefixed paths (lenient whitespace) when loading outbound media to prevent `ENOENT` for tool-returned local media paths. (#13107) Thanks .
-- Security/Gateway: harden tool-supplied `gatewayUrl` overrides by restricting them to loopback or the configured `gateway.remote.url`. Thanks -sec.
+- Media: accept `MEDIA:`-prefixed paths (lenient whitespace) when loading outbound media to prevent `ENOENT` for tool-returned local media paths. (#13107) Thanks @mcaxtr.
+- Security/Gateway: harden tool-supplied `gatewayUrl` overrides by restricting them to loopback or the configured `gateway.remote.url`. Thanks @p80n-sec.
 
 - Security/Node Host: enforce `system.run` rawCommand/argv consistency to prevent allowlist/approval bypass. Thanks @christos-eth.
 - Security/Exec approvals: prevent safeBins allowlist bypass via shell expansion (host exec allowlist mode only; not enabled by default). Thanks @christos-eth.
diff --git a/src/agents/tools/gateway.e2e.test.ts b/src/agents/tools/gateway.e2e.test.ts
index 777ec43a1..b9d470c15 100644
--- a/src/agents/tools/gateway.e2e.test.ts
+++ b/src/agents/tools/gateway.e2e.test.ts
@@ -39,9 +39,9 @@ describe("gateway tool defaults", () => {
   it("rejects non-allowlisted overrides (SSRF hardening)", async () => {
     await expect(
       callGatewayTool("health", { gatewayUrl: "ws://127.0.0.1:8080", gatewayToken: "t" }, {}),
-    ).rejects.toThrow(/gatewayUrl override blocked/i);
+    ).rejects.toThrow(/gatewayUrl override rejected/i);
     await expect(
       callGatewayTool("health", { gatewayUrl: "ws://169.254.169.254", gatewayToken: "t" }, {}),
-    ).rejects.toThrow(/gatewayUrl override blocked/i);
+    ).rejects.toThrow(/gatewayUrl override rejected/i);
   });
 });
diff --git a/src/agents/tools/gateway.ts b/src/agents/tools/gateway.ts
index eecc663c7..8c658d67b 100644
--- a/src/agents/tools/gateway.ts
+++ b/src/agents/tools/gateway.ts
@@ -67,9 +67,9 @@ function validateGatewayUrlOverrideForAgentTools(urlOverride: string): string {
   if (!allowed.has(parsed.key)) {
     throw new Error(
       [
-        "gatewayUrl override blocked (SSRF hardening).",
+        "gatewayUrl override rejected.",
         `Allowed: ws(s) loopback on port ${port} (127.0.0.1/localhost/[::1])`,
-        "Or: configure gateway.remote.url and omit gatewayUrl.",
+        "Or: configure gateway.remote.url and omit gatewayUrl to use the configured remote gateway.",
       ].join(" "),
     );
   }