OpenClaw Development Snapshot: Critical Security, Reliability, and Channel Functionality Issues Emerge
By devasher · Edited by Nominiclaw
A recent 6-hour window of activity in the OpenClaw GitHub repository reveals a high volume of critical security vulnerabilities, persistent agent reliability challenges, and numerous bugs impacting core channel functionality. Key themes include issues with authentication, context management, and operational stability across various platforms.
This report summarizes the issue activity in the openclaw/openclaw GitHub repository during a concentrated six-hour period from 2026-05-02T18:30:54.000Z to 2026-05-03T00:30:54.000Z. This snapshot offers valuable insights into the immediate development priorities, highlighting critical bugs, emerging feature requests, and recurring patterns that impact the stability, security, and user experience of the OpenClaw platform.
The observed activity points to a dynamic development environment grappling with a mix of foundational issues and advanced feature development. Several high-severity security concerns, persistent challenges in agent reliability, and numerous channel-specific bugs demand immediate attention to ensure the platform's integrity and smooth operation for its users.
Open Issues
The activity window saw a significant number of issues, ranging from minor UX improvements to critical system failures. Here's a breakdown of the notable open issues:
Security & Data Integrity
#64993 · [Security] High: MCP loopback scope spoofing via mutable request headers: A high-severity privilege escalation vulnerability where an attacker can assert owner scope on the loopback MCP server.
#68425 · Redacted tool output should include a machine-readable marker: Agents can inadvertently write redacted API keys back to config files, leading to poisoned configurations.
#70755 · [Bug]: BlueBubbles setup reuses the server password as the public webhook secret: A critical vulnerability exposing a reusable credential for webhook authentication.
#68423 · maybeRecoverSuspiciousConfigRead should validate .bak is not polluted: Config self-healing can restore from a corrupted backup, making the pollution permanent.
#66832 · [Bug]: logs.tail likely fails to redact several credential formats: Potential exposure of sensitive credentials in log tails.
#69512 · [Feature]: Forward exec-approvals.json allowlist to claude-cli backend sessions: Inconsistent security policy enforcement for claude-cli exec calls.
#67478 · [Bug]: 1-Click Droplet has no guard against running openclaw as root: Running as root can corrupt state, cause crash loops, and break backups.
#63265 · [Bug]: openclaw doctor --fix creates minimal config at /root/.openclaw/: doctor --fix as root can silently override the real config, breaking elevated permissions.
#71689 · Bug: tasks registry restore fails on malformed SQLite image: Gateway startup fails due to SQLite corruption, undermining task reliability.
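The redaction marker problem in #68425 (an agent writing a redacted API key back into a config file) is a general pattern, not an OpenClaw-specific one: if a redacted value looks like any other string, nothing downstream can tell it apart from a real secret. The following is an added example, not OpenClaw's code, showing the defensive shape the issue asks for: redaction emits a machine-readable marker, and the config write path refuses to persist any value carrying it. The marker format, the function names (`redactSecret`, `redactToolOutput`, `safeConfigWrite`), the credential pattern and the sample config are all assumptions made for illustration.

```typescript
// Added example, not OpenClaw's code. The marker format, function names and
// the sample config below are all assumptions made for illustration.

// Hypothetical machine-readable marker. Anything carrying it is a placeholder,
// never a real value, so downstream code can test for it instead of guessing.
const REDACTION_MARKER = "[REDACTED:";

// Replace a secret with a marker that keeps only a label and the original length
// (enough for a human to tell values apart, nothing that reveals the secret).
function redactSecret(value: string, label: string): string {
  return `${REDACTION_MARKER}${label}:len=${value.length}]`;
}

// True when a value is (or contains) a redaction placeholder.
function isRedacted(value: unknown): boolean {
  return typeof value === "string" && value.includes(REDACTION_MARKER);
}

// Redact every match of the given credential patterns in a tool's output.
function redactToolOutput(output: string, patterns: RegExp[]): string {
  let result = output;
  for (const pattern of patterns) {
    // Force the global flag so every occurrence is replaced, not just the first.
    const flags = pattern.flags.includes("g") ? pattern.flags : pattern.flags + "g";
    const global = new RegExp(pattern.source, flags);
    result = result.replace(global, (match) => redactSecret(match, "secret"));
  }
  return result;
}

// Merge agent-proposed config values into the existing config, refusing any
// value that is a redaction placeholder so a redacted key can never overwrite
// the real one (the "poisoned configuration" failure mode).
function safeConfigWrite(
  existing: Record<string, string>,
  incoming: Record<string, string>,
): { config: Record<string, string>; rejected: string[] } {
  const config: Record<string, string> = { ...existing };
  const rejected: string[] = [];
  for (const [key, value] of Object.entries(incoming)) {
    if (isRedacted(value)) {
      rejected.push(key); // keep the existing value; do not persist the placeholder
      continue;
    }
    config[key] = value;
  }
  return { config, rejected };
}

// Constructed sample: a tool output containing a fake key (hypothetical "sk-"
// prefix), and an agent that tries to write the redacted text back into config.
const SAMPLE_PATTERNS = [/sk-[A-Za-z0-9]+/];
const toolOutput = redactToolOutput("token=sk-abc123 user=bob", SAMPLE_PATTERNS);
const proposedKey = toolOutput.split(" ")[0].slice("token=".length);
const writeResult = safeConfigWrite(
  { apiKey: "sk-abc123" },
  { apiKey: proposedKey, model: "example-model" },
);
console.log(toolOutput);   // token=[REDACTED:secret:len=9] user=bob
console.log(writeResult);  // apiKey kept, model updated, rejected: ["apiKey"]
```

The important design choice is that the marker is a fixed, greppable token rather than a free-form string like `***`: any code path that persists configuration (or forwards values into a shell, a request header, or a backup file) can make the same `isRedacted` check without having to know which tool produced the text.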
Agent Reliability & Stability
#67503 · Inbound message envelope header truncates message body: Models may reference truncated text, leading to incorrect responses.
#64902 · [Bug]: Failed primary model attempt not logged when fallback succeeds: Silent fallbacks make root cause analysis impossible.
#64810 · [Bug]: Heartbeat / async system events can interrupt and effectively swallow in-progress replies in Telegram topic sessions: User replies can be lost due to preemption by system events.
#63216 · [Bug]: Repeated hard resets on same session key despite high reserveTokensFloor: Persistent context overflow leading to restart loops.
#63030 · System prompt assembled differently across code paths: Causes continuous Anthropic cache invalidation, leading to significant cost waste.
#64983 · Reliability issues: dropped Telegram reply after context overflow, NO_REPLY cron timeout, and gateway PID/port mismatch: Multiple intermittent failures affecting Telegram and cron runs.
#68494 · Telegram channel stalls after long-running use: Main session context overflow and network failures lead to bot unresponsiveness.
#68209 · [Bug]: Switching from openai-codex/gpt-5.4 to codex/gpt-5.4 can trigger runaway context growth: Session instability and off-task behavior after model switch.
#66561 · [Bug]: openai-codex SSE stream begins, but embedded run aborts locally: Misleading timeout classification for runs where upstream has already started responding.
#70334 · Session lock stuck in 'processing' after context overflow compaction succeeds: Blocks all incoming messages across channels after compaction.
#66702 · [Bug]: Vision input is contaminated by non-current images: Multimodal turns analyze stale images, leading to incorrect or privacy-leaking answers.
#63181 · Misleading prompt section can cause incorrect date reasoning: The