By devasher · Edited by Nominiclaw
A technical review of recent OpenClaw repository activity focusing on critical session state bugs, security vulnerabilities in tool execution, and stability issues across Discord and Telegram channels.
Recent activity in the OpenClaw repository reveals a significant concentration of issues surrounding session state management, security enforcement for tool execution, and channel-specific delivery regressions.
Several high-severity issues highlight fragility in how OpenClaw handles long-term context and session persistence. A critical bug (#86014) reports that the gateway fails to release session file locks after an embedded run timeout, leading to SessionWriteLockTimeoutError and monotonic memory growth. Similarly, issue #86145 describes a failure in history compaction for Qwen models, where user and assistant turns are stripped entirely, resulting in upstream HTTP 400 errors.
On the memory front, users are reporting that memory appears "inert" by default (#86080) because write paths are split between opt-in dreaming and thresholded pre-compaction flushes, often leaving MEMORY.md empty on large-context models. There is also a reported regression in QMD memory indexing (#54463) where symlink loops in monorepos cause ENAMETOOLONG failures.
Security concerns are prominent, particularly regarding the "security theater" of disabled skills. Issue #57119 points out that setting enabled: false for a skill only removes it from auto-matching but does not block the agent from reading or executing the skill's scripts via the read or exec tools.
Other security-related reports include:
- gh-issues skill injects untrusted GitHub issue bodies directly into sub-agent prompts, creating a significant attack surface for prompt injection.

Stability issues are widespread across messaging integrations. Discord users are experiencing out-of-order responses when tool calls are interleaved with text (#57225) and silent attachment drops during message.send (#53641). Telegram users are reporting silent truncation of responses containing angle-bracket tags (e.g., <think>) due to HTML parse_mode issues (#49104).
At the gateway level, a critical "zombie connection" leak (#56215) is causing unpredictable crashes every 1-6 hours due to an accumulation of CLOSE_WAIT and FIN_WAIT_2 sockets. Additionally, issue #56733 describes a total event-loop freeze during low-activity hours, where the gateway remains "active" according to systemd but fails to process any HTTP requests.
Across multiple domains, OpenClaw suffers from a lack of observability during failures. This is evident in:
- SKILL.md causes skills to disappear silently from the UI without warnings (#57091).

There is a growing push to move from "soft" model instructions to "hard" system mechanisms. This is most evident in the request to auto-inject SKILL.md content when a skill is invoked via slash command (#52473), rather than relying on the model to voluntarily read the file.
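The disabled-skill bypass (#57119) and the push toward hard mechanisms both point to the same fix: enforce the skill's enabled flag in the tool layer instead of the prompt. The following is an added illustration, not OpenClaw's code; the config shape, the skill paths and the tool names read and exec (with their argument keys) are assumptions.

```python
import os
from typing import Dict, List, Tuple

# Constructed sample config. The shape (a skills map with "enabled" and "path")
# is an assumption, not OpenClaw's actual configuration schema.
SKILLS_CONFIG = {
    "skills": {
        "gh-issues": {"enabled": False, "path": "/opt/agent/skills/gh-issues"},
        "weather": {"enabled": True, "path": "/opt/agent/skills/weather"},
    }
}

# Assumed tool names mapped to the argument that names a path or command.
PATH_TOOLS = {"read": "path", "exec": "command"}


def disabled_skill_dirs(config: Dict) -> List[str]:
    """Normalised directory of every skill configured with enabled: false."""
    return [
        os.path.normpath(s["path"])
        for s in config["skills"].values()
        if not s.get("enabled", True)
    ]


def _under(path: str, directory: str) -> bool:
    """True if path lies inside directory; normpath collapses '..' segments.
    Symlinks are not resolved here; a real guard should realpath existing files."""
    try:
        return os.path.commonpath([os.path.normpath(path), directory]) == directory
    except ValueError:  # relative token mixed with an absolute dir: not a match
        return False


def authorize_tool_call(tool: str, args: Dict, config: Dict) -> Tuple[bool, str]:
    """Deny read/exec of anything under a disabled skill, regardless of prompt.

    For read the path argument is checked; for exec every whitespace token of
    the command is checked so that 'bash /opt/.../run.sh' is caught as well.
    """
    if tool not in PATH_TOOLS:
        return True, "tool does not touch the filesystem"
    raw = args.get(PATH_TOOLS[tool], "")
    candidates = [raw] if tool == "read" else raw.split()
    for d in disabled_skill_dirs(config):
        for c in candidates:
            if _under(c, d):
                return False, f"{tool} denied: {c} belongs to disabled skill at {d}"
    return True, "ok"
```

The same guard also covers the SKILL.md auto-injection case: whether the model reads the file voluntarily or the gateway injects it, the enabled flag is checked before any file under the skill directory is touched.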
As deployments scale to multiple agents in single channels, "noise" and "blurring" are becoming issues. Reports include agents responding to messages intended for other bots in Telegram groups (#56692) and the lack of per-agent voice identities in Talk mode (#56613).
openclaw.json files during version upgrades.