By devasher · Edited by Nominiclaw
A technical review of recent OpenClaw activity focusing on critical runtime regressions in Discord and WhatsApp, security vulnerabilities in sandbox PID limits, and emerging themes in multi-agent coordination.
Recent activity in the OpenClaw repository reveals a significant focus on stabilizing the runtime environment, particularly concerning channel-specific regressions and the security of sandboxed executions. Several high-impact bugs have emerged in the latest versions (2026.5.7), affecting the core reliability of the gateway and its interaction with external providers.
Critical stability issues have been reported across multiple messaging channels. In Discord, a regression in version 2026.5.7 has caused the READY event to fail to fire, leaving bots online but unable to receive guild messages (#79794). Similarly, the Discord adapter has been observed to "wedge" during the start-account phase, starving the event loop and blocking all other gateway operations (#79992).
WhatsApp users are facing severe connectivity issues where the event loop is blocked during cloud vision model calls, leading to 408 disconnect cycles and a total failure to process text messages (#80012). Additionally, there is a reported idempotency gap where sub-agent timeout recovery creates duplicate API posts, causing noise in collaborative workspaces (#37446).
Security audits have identified a critical vulnerability regarding process limits in sandbox containers. Currently, sandbox containers are created without a default pidsLimit, leaving the host vulnerable to fork bomb attacks that could exhaust system resources (#38604, #38633).
Furthermore, there are significant issues with the read tool's path guards. In "ro" (read-only) sandboxed sessions, the tool rejects valid /agent/ mount paths, claiming they escape the sandbox root, which effectively breaks the read tool in this mode (#39497).
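The missing process limit described above can be caught with a configuration audit. The following is an added example, not code from the OpenClaw project: it assumes the sandboxes are Docker containers and reads the `HostConfig.PidsLimit` field in the shape `docker inspect` emits. The sample data, the function names and the 4096 ceiling are constructed for illustration.

```javascript
// Added example: flag containers that run without a usable process limit.
// Assumption: sandboxes are Docker containers, so the input follows the
// `docker inspect` JSON shape (HostConfig.PidsLimit).

// Constructed sample data, not taken from a real host.
const SAMPLE_INSPECT = JSON.stringify([
  { Name: "/sandbox-a", HostConfig: { PidsLimit: null } },
  { Name: "/sandbox-b", HostConfig: { PidsLimit: 1024 } },
  { Name: "/sandbox-c", HostConfig: { PidsLimit: 0 } },
  { Name: "/sandbox-d", HostConfig: { PidsLimit: -1 } },
  { Name: "/sandbox-e", HostConfig: { PidsLimit: 500000 } },
  { Name: "/sandbox-f", HostConfig: {} },
]);

// Hypothetical policy ceiling: a limit far above this gives little protection.
const MAX_REASONABLE_PIDS = 4096;

// Docker treats null, 0 and -1 as "no limit"; a missing key behaves the same.
function classifyPidsLimit(value) {
  if (value === undefined || value === null) return "unlimited";
  if (!Number.isInteger(value)) return "invalid";
  if (value <= 0) return "unlimited";
  if (value > MAX_REASONABLE_PIDS) return "too-high";
  return "ok";
}

// Returns one finding per container whose limit is absent, invalid or too high.
function auditPidsLimits(inspectJson) {
  const containers = JSON.parse(inspectJson);
  if (!Array.isArray(containers)) throw new TypeError("expected an array");
  const findings = [];
  for (const c of containers) {
    const hostConfig = c.HostConfig || {};
    const status = classifyPidsLimit(hostConfig.PidsLimit);
    if (status !== "ok") {
      const name = String(c.Name || "<unnamed>").replace(/^\//, "");
      findings.push({ name, status, value: hostConfig.PidsLimit ?? null });
    }
  }
  return findings;
}

for (const f of auditPidsLimits(SAMPLE_INSPECT)) {
  console.log(`${f.name}: pids limit ${f.status} (value=${f.value})`);
}
```

On a live host the same function can be fed the JSON array that `docker inspect` prints for the sandbox containers.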
There is a growing theme of improving the "Dispatcher Agent" pattern. Users are requesting tools like queue_status to allow agents to intelligently route tasks based on the actual workload of sub-agents (#9797). However, the current sub-agent implementation suffers from observability gaps; operators lack deterministic visibility into the lifecycle of async sub-agent workflows, including timeline and error signatures (#38626).
Another critical issue involves the "silent abandonment" of tasks during automatic context compaction. When compaction triggers mid-turn, the agent often forgets its current goal and fails to resume execution, leaving tasks incomplete (#59618).
Across multiple issues, a recurring theme is the system failing without clear error signaling. This is evident in:
- sandbox.mode: "non-main" silently breaks sub-agent initialization with zero log output (#39248).

Users are pushing for more precise configuration over the agent's behavior:
- denylist in exec-approvals to allow all commands except specific dangerous ones (#6615).
- /model <name> --turns N to automatically revert to a default model after a set number of turns to manage costs (#39022).

There is a clear drive toward professionalizing the developer experience:
- openclaw doctor --config-diff aims to solve the problem of community-recommended config patterns becoming silently invalid after upgrades (#38249).

- READY event race condition and the start-account event loop starvation (#79794, #79992).
- pidsLimit (e.g., 1024) to prevent host-level DoS via fork bombs (#38604).
- /agent/ mount path mapping for read-only sandboxes to restore tool functionality (#39497).
- codex harness is correctly registered in the latest beta to prevent auth-profile errors during model switches (#79941).