OpenClaw Issue Digest: Stability Regressions and UX Friction

00:30–06:30 UTC May 11, 2026

Open Issues

Recent activity in the OpenClaw repository reveals a mixture of high-severity security vulnerabilities, stability regressions in the core gateway, and a growing list of UX friction points across various channel integrations.

Critical Security and Isolation Failures

Several reports highlight significant bypasses of the system's trust boundaries:

  • Node Pairing Bypass (#65168): A critical vulnerability allows authenticated operator.write sessions to invoke commands on reconnecting nodes before the node.pair.approve gate is cleared, potentially leading to remote code execution (RCE) on node hosts.
  • Backend Identity Impersonation (#72418): The shouldSkipLocalBackendSelfPairing logic trusts client-declared identity fields, allowing any local process with a valid token to bypass device pairing and gain unrestricted gateway access.
  • Workspace Contamination (#49523): A regression in session transcript mirroring uses process.cwd(), which can lead to the wrong workspace being recorded in JSONL headers during concurrent multi-agent workloads.
  • Sandbox Bypass (#46786): Enabling tools.elevated.enabled silently redirects all exec calls to the gateway host, bypassing sandbox isolation even for non-elevated calls.
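
The Workspace Contamination item (#49523) comes down to reading a per-session value from process-global state. The sketch below is an added example, not OpenClaw code: the header field names (`type`, `sessionId`, `cwd`), the session registry and all sample paths are assumptions constructed for illustration. It contrasts a header built from `process.cwd()` with one built from the workspace bound to the session, and audits JSONL header lines against that binding.

```javascript
// Added example. Field names and the registry shape are assumed, not OpenClaw's schema.

// Pattern described in the issue: the workspace comes from process.cwd(),
// which is one value shared by every session running in the gateway process.
function headerFromProcessCwd(session) {
  return JSON.stringify({ type: "session", sessionId: session.id, cwd: process.cwd() });
}

// Safer pattern: the workspace is bound to the session when it is created
// and passed explicitly, so a concurrent agent cannot influence it.
function headerFromSession(session) {
  return JSON.stringify({ type: "session", sessionId: session.id, cwd: session.workspaceDir });
}

// Audit: parse JSONL lines and report session headers whose recorded
// workspace differs from the registry binding for that session id.
function findContaminatedHeaders(jsonlText, registry) {
  const findings = [];
  jsonlText.split("\n").forEach((line, i) => {
    if (!line.trim()) return; // skip blank lines
    let rec;
    try {
      rec = JSON.parse(line);
    } catch {
      findings.push({ line: i + 1, reason: "unparseable" });
      return;
    }
    if (rec.type !== "session") return; // only headers carry the workspace
    const expected = registry.get(rec.sessionId);
    if (expected === undefined) {
      findings.push({ line: i + 1, sessionId: rec.sessionId, reason: "unknown session" });
    } else if (rec.cwd !== expected) {
      findings.push({ line: i + 1, sessionId: rec.sessionId, reason: "workspace mismatch",
                      recorded: rec.cwd, expected });
    }
  });
  return findings;
}

// Constructed sample: two concurrent agent sessions with distinct workspaces.
const sessions = [
  { id: "agent-a", workspaceDir: "/constructed/workspaces/a" },
  { id: "agent-b", workspaceDir: "/constructed/workspaces/b" },
];
const registry = new Map(sessions.map((s) => [s.id, s.workspaceDir]));

function demo() {
  const fromCwd = sessions.map((s) => headerFromProcessCwd(s)).join("\n");
  const fromSession = sessions.map((s) => headerFromSession(s)).join("\n");
  return { fromCwd: findContaminatedHeaders(fromCwd, registry),
           fromSession: findContaminatedHeaders(fromSession, registry) };
}
```
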

Stability and Performance Regressions

Core gateway stability has been impacted by event-loop issues and resource management failures:

  • Event Loop Starvation (#79197, #78601): Production monitors have detected severe event-loop delays (up to 23s), triggering the gateway's self-preservation mechanism and causing frequent, disruptive restarts.
  • Codex Runtime Failures (#79462): A packaging issue in 2026.5.7 causes @openclaw/codex to fail resolving the host openclaw package, leading to ERR_MODULE_NOT_FOUND and hook stalls.
  • Memory Search Failures (#47884, #46570): Users report fetch failed errors despite correct embedding configurations, and a failure of the memory_search tool to return results from actual memory files, relying only on session transcripts.

Channel and UX Friction

Integration issues continue to plague the user experience across different platforms:

  • Feishu/Lark Issues (#49915, #49381, #50490): Reports include slash commands failing in group chats, duplicate final replies during model failover, and /activation mention mode failing to trigger correctly.
  • Telegram Reliability (#50040, #79472, #49889): Issues range from silent outbound message loss during polling stalls to tool-only turns producing no delivery, and a lack of observability in partial-stream finalization.
  • WebChat State Loss (#51549): A persistent bug causes the WebChat UI to lose all message queues, history, and drafts upon browser refresh.

Key Themes

1. The "Silent Failure" Pattern

Across multiple reports, a recurring theme is the lack of visibility into failures. Whether it is the Session list returning misleading results due to restricted visibility (#50646), or the doctor --fix tool failing atomically without persisting partial repairs (#77802), users are often left guessing why the system is not behaving as expected.

2. Memory Architecture Limits

There is a growing consensus that the file-based memory model is reaching its limits. Issue #50096 synthesizes community frustration regarding "session amnesia," token bloat in MEMORY.md, and the need for professional RAG layers and vector databases to replace simple file-based storage.

3. Failover and Retry Inefficiency

Model fallback chains are currently inefficient. Users report that provider SDKs retry internally multiple times before cascading to the next candidate (#49185), and that auth-broken providers are not quarantined, leading to significant latency spikes during outages (#47910).

Action Required

Immediate Attention (High Severity)

  • Security Fixes: Address the node pairing bypass (#65168) and the backend identity impersonation (#72418) to prevent unauthorized privilege escalation.
  • Stability: Investigate the root cause of the 20s+ event-loop delays (#79197) to prevent the gateway from entering a restart loop.
  • Isolation: Fix the tools.elevated routing logic (#46786) to ensure sandbox isolation is not silently bypassed.

Blocked or High-Impact UX

  • Anthropic Provider Fix: Resolve the payloads=0 empty response issue on fresh 2026.5.7 installs (#80535), which currently blocks all agent functionality for Anthropic users.
  • WebChat Persistence: Implement localStorage or server-side queuing for WebChat (#51549) to prevent total state loss on refresh.
  • Codex Peer Links: Fix the npm peer-dependency resolution for @openclaw/codex (#79462) to restore stability to Codex-based agent runs.
