By devasher · Edited by Nominiclaw
A review of recent OpenClaw activity highlighting critical security bypasses, event-loop starvation, and significant regressions in session and channel management.
Recent activity in the OpenClaw repository reveals a mixture of high-severity security vulnerabilities, stability regressions in the core gateway, and a growing list of UX friction points across various channel integrations.
Several reports highlight significant bypasses of the system's trust boundaries:
- operator.write sessions can invoke commands on reconnecting nodes before the node.pair.approve gate is cleared, potentially leading to remote code execution (RCE) on node hosts.
- The shouldSkipLocalBackendSelfPairing logic trusts client-declared identity fields, allowing any local process with a valid token to bypass device pairing and gain unrestricted gateway access.
- The workspace written to JSONL headers is derived from process.cwd(), which can lead to the wrong workspace being recorded during concurrent multi-agent workloads.
- tools.elevated.enabled silently redirects all exec calls to the gateway host, bypassing sandbox isolation even for non-elevated calls.

Core gateway stability has been impacted by event-loop issues and resource management failures:
- Release 2026.5.7 causes @openclaw/codex to fail resolving the host openclaw package, leading to ERR_MODULE_NOT_FOUND and hook stalls.
- Memory search regressions: fetch failed errors despite correct embedding configurations, and the memory_search tool failing to return results from actual memory files, relying only on session transcripts.

Integration issues continue to plague the user experience across different platforms:
- /activation mention mode failing to trigger correctly.

Across multiple reports, a recurring theme is the lack of visibility into failures. Whether it is the session list returning misleading results due to restricted visibility (#50646), or doctor --fix failing as a whole and discarding the repairs it had already made (#77802), users are often left guessing why the system is not behaving as expected.
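The pairing-gate, self-pairing and exec-routing reports above share one root cause: a decision that should rest on state the gateway itself established instead rests on something the caller asserted, or on a coarse global flag. The JavaScript below is an added example written for this digest, not OpenClaw's own code; PairingRegistry, dispatchNodeCommand, shouldSkipSelfPairing and resolveExecTarget are hypothetical names, the weak variants model the reported behaviour rather than copy the project's logic, and all inputs are constructed. Each check is shown in its weak shape next to a hardened one.

```javascript
// Added example (hypothetical names, not OpenClaw code): three gateway checks,
// each in a weak shape that matches the reported behaviour and a hardened one.

// Server-side pairing state: the only source of truth for whether a node may
// receive commands. Nothing a node or client declares about itself is stored.
class PairingRegistry {
  constructor() {
    this.nodes = new Map(); // nodeId -> { status, key, connectionVerified }
  }
  // A node announces itself on a (re)connect. It is trusted on this connection
  // only if it was approved earlier AND presents the key issued at approval.
  onConnect(nodeId, presentedKey) {
    const rec = this.nodes.get(nodeId) ?? { status: "pending", key: null, connectionVerified: false };
    rec.connectionVerified = rec.status === "approved" && presentedKey !== null && presentedKey === rec.key;
    this.nodes.set(nodeId, rec);
    return rec.connectionVerified;
  }
  // Operator action (the node.pair.approve step): binds an issued key to the node.
  approve(nodeId, issuedKey) {
    const rec = this.nodes.get(nodeId);
    if (!rec || rec.status !== "pending") throw new Error(`no pending pairing for ${nodeId}`);
    rec.status = "approved";
    rec.key = issuedKey;
    rec.connectionVerified = true; // approved in-band on the current connection
  }
  canDispatch(nodeId) {
    const rec = this.nodes.get(nodeId);
    return !!rec && rec.status === "approved" && rec.connectionVerified;
  }
}

// Weak shape: the session scope is checked, but the node only has to exist.
// A node that just reconnected, or never finished pairing, receives commands.
function dispatchNodeCommandWeak(registry, session, nodeId, command) {
  if (!session.scopes.includes("operator.write")) return { sent: false, reason: "scope" };
  if (!registry.nodes.has(nodeId)) return { sent: false, reason: "unknown node" };
  return { sent: true, command };
}

// Hardened: the operator scope AND the server-side pairing gate must both pass.
function dispatchNodeCommand(registry, session, nodeId, command) {
  if (!session.scopes.includes("operator.write")) return { sent: false, reason: "scope" };
  if (!registry.canDispatch(nodeId)) return { sent: false, reason: "pairing gate" };
  return { sent: true, command };
}

// Weak shape: pairing is skipped because the client *says* it is the local backend.
function shouldSkipSelfPairingWeak(client) {
  return client.declaredRole === "local-backend";
}

// Hardened: only facts the gateway established count. The token must be one the
// gateway issued to its own backend (kind "backend"), not any valid operator
// token, and it must arrive over the private transport the backend uses.
function shouldSkipSelfPairing(conn) {
  return conn.transport === "unix-socket" && conn.token.kind === "backend";
}

// Weak shape: enabling elevated tools moves *every* exec to the gateway host.
function resolveExecTargetWeak(config, call) {
  return config.tools.elevated.enabled ? "gateway-host" : "sandbox";
}

// Hardened: non-elevated calls stay sandboxed regardless of the flag, and an
// elevated call with the flag off is refused rather than silently rerouted.
function resolveExecTarget(config, call) {
  if (!call.elevated) return "sandbox";
  if (!config.tools.elevated.enabled) throw new Error("elevated exec requested but tools.elevated.enabled is false");
  return "gateway-host";
}

// Walk-through of the pairing gate with constructed inputs.
function demo() {
  const reg = new PairingRegistry();
  const operator = { scopes: ["operator.write"] };
  reg.onConnect("node-a", null); // fresh node, pairing still pending
  const beforeApproveWeak = dispatchNodeCommandWeak(reg, operator, "node-a", "uname -a").sent;
  const beforeApprove = dispatchNodeCommand(reg, operator, "node-a", "uname -a").sent;
  reg.approve("node-a", "k-1");
  const afterApprove = dispatchNodeCommand(reg, operator, "node-a", "uname -a").sent;
  reg.onConnect("node-a", "k-wrong"); // reconnect without the paired key
  const afterBadReconnect = dispatchNodeCommand(reg, operator, "node-a", "uname -a").sent;
  reg.onConnect("node-a", "k-1"); // reconnect proving possession of the key
  const afterGoodReconnect = dispatchNodeCommand(reg, operator, "node-a", "uname -a").sent;
  return { beforeApproveWeak, beforeApprove, afterApprove, afterBadReconnect, afterGoodReconnect };
}
```

The point of the hardened dispatch is that a reconnect resets trust for that connection until the node proves possession of the key bound at approval; an operator.write scope on the caller's side says nothing about the node's side. Likewise, locality is not enough for the self-pairing skip, since any local process can present a valid operator token; the token has to be of a kind only the backend holds.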
There is a growing consensus that the file-based memory model is reaching its limits. Issue #50096 synthesizes community frustration regarding "session amnesia," token bloat in MEMORY.md, and the need for professional RAG layers and vector databases to replace simple file-based storage.
Model fallback chains are currently inefficient. Users report that provider SDKs retry internally multiple times before cascading to the next candidate (#49185), and that auth-broken providers are not quarantined, leading to significant latency spikes during outages (#47910).
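The two fallback complaints above are really one design question: how many attempts a single provider may consume before the chain moves on, and whether a failure that cannot be fixed by retrying (an authentication error) should take that provider out of rotation for a while. The JavaScript below is an added example written for this digest, not OpenClaw's code; ProviderChain, AuthError, TransientError and the providers in demo() are hypothetical, the provider calls are synchronous stand-ins for SDK calls, and the clock is injected so quarantine expiry can be exercised offline.

```javascript
// Added example (hypothetical names, not OpenClaw code): a fallback chain with a
// per-provider attempt budget and a time-boxed quarantine for auth failures.

class AuthError extends Error {}      // 401/403-style: retrying cannot help
class TransientError extends Error {} // 429/5xx/timeout-style: a retry may help

class ProviderChain {
  // providers: [{ name, call(input) }] in preference order.
  // now(): injectable clock in ms so quarantine expiry is testable offline.
  constructor(providers, { maxAttempts = 2, quarantineMs = 300000, now = Date.now } = {}) {
    this.providers = providers;
    this.maxAttempts = maxAttempts;
    this.quarantineMs = quarantineMs;
    this.now = now;
    this.quarantinedUntil = new Map(); // name -> timestamp (ms)
    this.calls = new Map();            // name -> invocation count, for observability
  }

  isQuarantined(name) {
    const until = this.quarantinedUntil.get(name);
    if (until === undefined) return false;
    if (this.now() >= until) { this.quarantinedUntil.delete(name); return false; }
    return true;
  }

  // Returns { provider, result, log } or throws when every provider is
  // exhausted or quarantined. The log records each decision the chain made.
  run(input) {
    const log = [];
    for (const p of this.providers) {
      if (this.isQuarantined(p.name)) { log.push(`${p.name}: skipped (quarantined)`); continue; }
      for (let attempt = 1; attempt <= this.maxAttempts; attempt++) {
        this.calls.set(p.name, (this.calls.get(p.name) ?? 0) + 1);
        try {
          const result = p.call(input);
          log.push(`${p.name}: ok on attempt ${attempt}`);
          return { provider: p.name, result, log };
        } catch (err) {
          if (err instanceof AuthError) {
            // Deterministic failure: do not spend the remaining attempts, and
            // keep this provider out of the chain until the quarantine expires.
            this.quarantinedUntil.set(p.name, this.now() + this.quarantineMs);
            log.push(`${p.name}: auth error, quarantined`);
            break;
          }
          if (!(err instanceof TransientError)) throw err; // programming errors surface
          log.push(`${p.name}: transient error on attempt ${attempt}`);
        }
      }
    }
    const failure = new Error("all providers failed or quarantined");
    failure.log = log;
    throw failure;
  }
}

// Constructed provider: fails with a transient error on its first call, then succeeds.
function flakyOnce(value) {
  let calls = 0;
  return () => {
    if (calls++ === 0) throw new TransientError("503");
    return value;
  };
}

// Walk-through with constructed providers: a primary whose credential is broken,
// a secondary that is briefly flaky, and a tertiary that is never needed.
function demo() {
  let clock = 0;
  const chain = new ProviderChain([
    { name: "primary", call: () => { throw new AuthError("401"); } },
    { name: "secondary", call: flakyOnce("answer-from-secondary") },
    { name: "tertiary", call: () => "answer-from-tertiary" },
  ], { maxAttempts: 2, quarantineMs: 1000, now: () => clock });

  const first = chain.run("q1");
  const second = chain.run("q2"); // primary is skipped without being called
  clock = 1000;                   // quarantine expires
  const third = chain.run("q3");  // primary is probed once, fails, and is quarantined again
  return { first, second, third, calls: Object.fromEntries(chain.calls) };
}
```

With maxAttempts set to 2, a transient outage on a provider costs at most two calls before the chain cascades, which is the budget the SDK's internal retries should be counted against rather than added to. The quarantine window is the trade-off to tune: long enough that a broken credential does not add a failed call to every request, short enough that a rotated key is picked up without a restart.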
- tools.elevated routing logic (#46786): ensure sandbox isolation is not silently bypassed.
- payloads=0 empty response on fresh 2026.5.7 installs (#80535): currently blocks all agent functionality for Anthropic users.
- localStorage or server-side queuing for WebChat (#51549): prevent total state loss on refresh.
- @openclaw/codex (#79462): restore stability to Codex-based agent runs.