OpenClaw Issue Digest: Runtime Stability, Sandbox Security, and Multi-Agent Orchestration

18:30–00:30 UTC May 9, 2026

Open Issues

Recent activity in the OpenClaw repository reveals a significant focus on stabilizing the runtime environment, particularly concerning channel-specific regressions and the security of sandboxed executions. Several high-impact bugs have emerged in the latest versions (2026.5.7), affecting the core reliability of the gateway and its interaction with external providers.

Runtime and Channel Regressions

Critical stability issues have been reported across multiple messaging channels. In Discord, a regression in version 2026.5.7 has caused the READY event to fail to fire, leaving bots online but unable to receive guild messages (#79794). Similarly, the Discord adapter has been observed to "wedge" during the start-account phase, starving the event loop and blocking all other gateway operations (#79992).

WhatsApp users are facing severe connectivity issues where the event loop is blocked during cloud vision model calls, leading to 408 disconnect cycles and a total failure to process text messages (#80012). Additionally, there is a reported idempotency gap where sub-agent timeout recovery creates duplicate API posts, causing noise in collaborative workspaces (#37446).

Sandbox and Security Vulnerabilities

Security audits have identified a critical vulnerability regarding process limits in sandbox containers. Currently, sandbox containers are created without a default pidsLimit, leaving the host vulnerable to fork bomb attacks that could exhaust system resources (#38604, #38633).
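One way to check for this exposure, as an added example rather than OpenClaw code: it assumes the sandboxes are Docker containers and audits data shaped like docker inspect output, where a HostConfig.PidsLimit of null, 0 or -1 means no cap. The container names, the sample data and the 4096 policy ceiling are constructed for illustration.

```javascript
// Added example: flag containers whose PID cap is missing or ineffective.
// Input has the shape of `docker inspect` output; the data below is constructed.
const SAMPLE_INSPECT = [
  { Name: "/sandbox-a", HostConfig: { PidsLimit: null } },   // never set
  { Name: "/sandbox-b", HostConfig: { PidsLimit: 0 } },      // explicit unlimited
  { Name: "/sandbox-c", HostConfig: { PidsLimit: -1 } },     // explicit unlimited
  { Name: "/sandbox-d", HostConfig: { PidsLimit: 1024 } },   // capped
  { Name: "/sandbox-e", HostConfig: { PidsLimit: 500000 } }, // cap too loose to help
  { Name: "/sandbox-f", HostConfig: {} },                    // field absent
];

// Assumption: local policy ceiling; pick a value that fits the host.
const MAX_ACCEPTABLE_PIDS = 4096;

// Map a raw PidsLimit value to a finding category.
function classifyPidsLimit(value) {
  if (value === null || value === undefined) return "unset";
  if (!Number.isInteger(value)) return "invalid";
  if (value <= 0) return "unlimited";
  if (value > MAX_ACCEPTABLE_PIDS) return "too-high";
  return "ok";
}

// Return one finding per container that a fork bomb could use to exhaust host PIDs.
function auditPidsLimits(inspected) {
  const findings = [];
  for (const c of inspected) {
    const limit = c.HostConfig ? c.HostConfig.PidsLimit : undefined;
    const status = classifyPidsLimit(limit);
    if (status !== "ok") {
      findings.push({ name: String(c.Name).replace(/^\//, ""), status });
    }
  }
  return findings;
}

console.log(auditPidsLimits(SAMPLE_INSPECT));
```

Against a live host, pass it the parsed JSON from docker inspect for the sandbox containers in place of the sample array.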

Furthermore, there are significant issues with the read tool's path guards. In "ro" (read-only) sandboxed sessions, the tool rejects valid /agent/ mount paths, claiming they escape the sandbox root, which effectively breaks the read tool in this mode (#39497).
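The failure mode described above, shown as an added example that is not OpenClaw's implementation: a guard that knows only one sandbox root rejects a legitimate /agent/ path, while a guard that consults the full mount table accepts it and still refuses traversal and look-alike prefixes. The mount table, host paths and function names are hypothetical.

```javascript
// Added example: mount-aware read guard. Mount table and paths are constructed.
const MOUNTS = [
  { container: "/workspace", host: "/srv/sandbox/s1/workspace", mode: "ro" },
  { container: "/agent", host: "/srv/agents/a1", mode: "ro" },
];

// Lexically resolve `requested` against `cwd`, collapsing "." and "..".
function normalize(cwd, requested) {
  const raw = requested.startsWith("/") ? requested : `${cwd}/${requested}`;
  const out = [];
  for (const seg of raw.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop(); // ".." at "/" stays at "/"
    else out.push(seg);
  }
  return out;
}

// True when `segs` is at or below `base`, compared on whole path segments
// so that "/agent-secrets" never matches the "/agent" mount.
function isInside(base, segs) {
  const b = normalize("/", base);
  return b.length <= segs.length && b.every((s, i) => s === segs[i]);
}

// Single-root guard: produces the rejection the issue describes.
function naiveGuard(root, requested) {
  return isInside(root, normalize(root, requested));
}

// Mount-aware guard: normalise first, then match the longest mount prefix.
function resolveRead(mounts, cwd, requested) {
  if (requested.includes("\0")) return { ok: false, reason: "nul-byte" };
  const segs = normalize(cwd, requested);
  const hit = mounts
    .filter((m) => isInside(m.container, segs))
    .sort((a, b) => b.container.length - a.container.length)[0];
  if (!hit) return { ok: false, reason: "outside-mounts" };
  const rest = segs.slice(normalize("/", hit.container).length);
  return { ok: true, hostPath: [hit.host, ...rest].join("/"), mode: hit.mode };
}

console.log(naiveGuard("/workspace", "/agent/notes.md"));          // false
console.log(resolveRead(MOUNTS, "/workspace", "/agent/notes.md")); // ok: true
```

The check is lexical only; a guard used in production also has to resolve symlinks on the host path and re-check containment before opening the file.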

Multi-Agent Orchestration and Sub-agent Lifecycle

There is a growing theme of improving the "Dispatcher Agent" pattern. Users are requesting tools like queue_status to allow agents to intelligently route tasks based on the actual workload of sub-agents (#9797). However, the current sub-agent implementation suffers from observability gaps; operators lack deterministic visibility into the lifecycle of async sub-agent workflows, including timeline and error signatures (#38626).

Another critical issue involves the "silent abandonment" of tasks during automatic context compaction. When compaction triggers mid-turn, the agent often forgets its current goal and fails to resume execution, leaving tasks incomplete (#59618).

Key Themes

1. The "Silent Failure" Pattern

Across multiple issues, a recurring theme is the system failing without clear error signaling. This is evident in:

  • Sub-agent initialization: sandbox.mode: "non-main" silently breaks sub-agent initialization with zero log output (#39248).
  • Model Fallbacks: When a primary model times out and a fallback succeeds, the response is sometimes never delivered to the user, leaving the session appearing dead (#80000).
  • Context Overflows: High-frequency cron jobs can silently exhaust the agent's context window, leading to a state where the gateway is "green" but the agent produces zero replies (#38730).

2. Request for Granular Control

Users are pushing for more precise configuration over the agent's behavior:

  • Security: Requests for a denylist in exec-approvals to allow all commands except specific dangerous ones (#6615).
  • TUI/UI: Requests for accessibility options to disable emojis in the TUI (#9637) and configurable send hotkeys for WebChat (#8147).
  • Model Management: A request for /model <name> --turns N to automatically revert to a default model after a set number of turns to manage costs (#39022).

3. Infrastructure and Tooling Improvements

There is a clear drive toward professionalizing the developer experience:

  • Config Migration: The proposal for openclaw doctor --config-diff aims to solve the problem of community-recommended config patterns becoming silently invalid after upgrades (#38249).
  • Harness Registration: Issues with the Codex runtime highlight a need for better validation of model/runtime/auth combinations to prevent incompatible configurations from hanging the system (#79941).

Action Required

High Severity / Blockers

  • Discord Gateway Fix: Resolve the READY event race condition and the start-account event loop starvation (#79794, #79992).
  • WhatsApp Event Loop: Decouple image description from the main event loop to prevent 408 disconnect cycles (#80012).
  • Sandbox PID Limits: Implement a default pidsLimit (e.g., 1024) to prevent host-level DoS via fork bombs (#38604).

Blocked / Immediate Attention

  • Read Tool Path Guard: Fix the /agent/ mount path mapping for read-only sandboxes to restore tool functionality (#39497).
  • Sub-agent Recovery: Implement a mechanism to resume execution after automatic context compaction to prevent task abandonment (#59618).
  • Codex Runtime Validation: Ensure the codex harness is correctly registered in the latest beta to prevent auth-profile errors during model switches (#79941).
