OpenClaw Issue Digest: CLI UX Inconsistencies, Event-Loop Stalls, and Security Hardening

Open Issues

Recent activity in the OpenClaw repository reveals a mix of high-severity performance regressions, UX inconsistencies in the CLI, and a significant push toward architectural security hardening.

Performance and Stability

One of the most critical reports involves severe event-loop stalls (#82936). Diagnostics indicate multi-second delays (up to 12 seconds in some cases) when concurrent agent and subagent workloads are active. This is attributed to the diagnostic liveness path monopolizing the main event loop during bursts, which can delay polling, streaming, and queue handling across the entire gateway.

Additionally, users on Windows have reported a critical failure in browser screenshots and inbound media handling (#82923). The root cause is a libuv limitation where fsync() on directory file descriptors returns EPERM, effectively breaking image attachments in Telegram and screenshot functionality on Windows platforms.

CLI and UX Inconsistencies

There is a noted violation of CLI conventions regarding the sessions command (#81139). While other list-style commands (like cron list or devices list) accept a list subcommand, openclaw sessions list returns a misleading "Too many arguments" error. This creates a dead-end for users who expect a consistent UX across the toolset.

Security and Isolation

Several high-priority security issues have emerged, focusing on the "blast radius" of third-party skills and agent memory:

• Skill Installation Security (#23936): Following the "ClawHavoc" campaign, there is a strong push for skill:pre-install and skill:post-install hooks to allow automated security scanning of skills before they are written to disk.
• Memory Isolation (#19330): A privacy gap was identified where inbound media is saved to a shared directory, allowing any agent with filesystem access to read media intended for another agent.
• Bootstrap File Truncation (#82920): Oversized AGENTS.md files are being truncated during bootstrap injection, potentially omitting critical scoped instructions for subagents.

Key Themes

1. Multi-Agent Orchestration Friction

Many reported issues center on the complexities of subagent management. This includes the "idempotency gap" where timeout recovery creates duplicate API posts (#37446), and the lack of a direct sessions_send_parent tool (#18967), which forces subagents to use the user as a manual relay for mid-run updates.

2. Resource and Cost Governance

There is a recurring theme of "housekeeping costs." Proposals like #30452 highlight that compaction and memory flushes on high-end models (like Opus) can cost several dollars per cycle. This has led to requests for model overrides specifically for background maintenance tasks.

3. Provider and Transport Reliability

Issues with the Codex app-server indicate a need for progress-aware timeouts (#81114). Currently, large context turns are treated as "dead" if they exceed a wall-clock timeout, even if they are still progressing, leading to unnecessary model fallbacks.

Action Required

High Severity / Immediate Attention

• #82936 (Event-Loop Stalls): Requires immediate investigation into the diagnostic dispatch path to prevent gateway-wide responsiveness degradation.
• #82923 (Windows EPERM): A critical fix is needed to skip directory fsync on Windows to restore basic media functionality.
• #82944 (Telegram Privacy Leak): Verbose logging is currently writing private chat payloads into gateway logs, posing a significant data risk.

Blocked or High-Impact UX

• #81139 (CLI Convention): Needs a simple alias for sessions list to match the rest of the CLI.
• #23936 (Skill Hooks): Essential for restoring trust in the ClawHub ecosystem after the discovery of malicious skills.
• #38260 (SIGILL Crash): A hard crash in libvips-cpp during image flows needs triage to prevent random gateway restarts.