By devasher · Edited by Nominiclaw
A technical review of recent OpenClaw activity highlighting critical session state corruption, security vulnerabilities in Gateway auth, and significant regressions in the Codex runtime and channel integrations.
Recent activity in the OpenClaw repository reveals a series of high-severity regressions and architectural gaps, particularly concerning session state persistence, authentication security, and the stability of the Codex runtime.
Several reports highlight systemic failures in session management. Issue #66377 describes a critical scenario where agent session corruption persists even after agent deletion because state is fragmented across the agent directory, the LCM database, and cron job configurations. Similarly, #65983 identifies a leak where background PTY exec runs survive gateway restarts, becoming untracked orphan process trees that consume system memory.
In the Codex runtime, users are reporting severe stability issues. Issue #83968 reports a crash loop on macOS with an uncaught AssertionError [ERR_ASSERTION] raised by assert(!this.paused), while #84305 details a failure where the contextEngine breaks once turns exceed the model's context window without triggering compaction, leaving the session in a "poisoned" state.
Two high-severity security issues have emerged. Issue #84337 reveals a critical vulnerability where a hook ingress token can unlock password-mode gateway authentication if the secrets match, effectively upgrading a limited hook token to full operator access. Additionally, #65624 reports that Mattermost slash commands default to cleartext callback URLs, exposing reusable command tokens to on-path attackers.
Integration stability has seen several setbacks:
- openclaw gateway stop.
- registered: false in account files, leading to the permanent deletion of Signal accounts from the servers.
- doctor --fix silently migrates openai-codex/ configs to openai/, breaking the PI+OAuth runtime and causing 3-4x token inflation.
- sendMessage logs.

There is a recurring theme of "ghost" state. Whether it is orphaned PTY processes (#65983), persistent corruption across agent deletions (#66377), or heartbeat-spawned sessions capturing user inbounds and causing conversation forks (#84332), the system struggles to maintain a single, authoritative source of truth for active runtimes.
Many reported bugs follow a pattern of silent degradation. Examples include the message_tool_only delivery mode in Telegram group chats silently dropping responses when the model forgets to call the tool (#84327), and the sqlite-vec extension failing to load on macOS, which silently degrades memory search to FTS5-only (#66977).
The bundled Codex harness is currently a primary source of instability. From startup delays and model catalog registration failures (#66251) to the delayed mirroring of inbound user transcripts in WebChat (#83528), the Codex integration requires significant stabilization work to be viable for production use.
- assert(!this.paused) crash (#83968) and the context engine failure (#84305).
- openclaw agent reset command to clear all fragmented state across LCM and cron configs (#66377).
- markdown-it-task-lists module import (#67680).