OpenClaw operators should audit secrets and delivery after 2026.5.5
The newest OpenClaw issue wave is worth treating as an operator checklist rather than noise: skill SecretRef API keys may still enter exec child environments, delivery can be marked successful even when no channel adapter ran, Telegram subagent fallback can expose raw child output, and new bindings may route to main instead of the intended agent.
Impact: Risk · Sources: 3 · Audience: operator · developer
These reports hit the trust boundary of a personal agent: secret isolation, truthful delivery status, mediated summaries, and routing to the right persona. A green status is not enough if the message never left or the wrong agent received it.
- Issue #78528: skill SecretRef-managed API keys can leak into exec child environments
- Issue #78532: deliverySucceeded may become true on early returns where no adapter is invoked
- Issue #78531: Telegram subagent completion fallback may queue raw child/internal output after mediated announce failure
- Issue #78527: newly added bindings may continue routing to main after Gateway restart
- PRs #78521 and #78525 address adjacent transport-boundary wrapping and inline skill tool-policy enforcement
- Reports are very fresh and some are still open
- Impact depends on which skills, channels, and routing patterns are enabled
- Operators should avoid publishing logs or queued payloads that contain private output while debugging
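Two of the checks above, secret isolation for exec children and truthful delivery status, are easy to turn into a local audit. The following is an added example, not OpenClaw's own code, and it assumes nothing about OpenClaw's internals: the secret-name pattern, the sample parent environment and the stand-in channel adapter are all constructed for the demonstration. The first half builds a scrubbed environment and then spawns a real child to confirm what it actually sees; the second half models a delivery result whose `succeeded` flag can only be true when an adapter was invoked and reported success, so every early return stays a non-success.

```python
import json
import os
import re
import subprocess
import sys
from dataclasses import dataclass

# Constructed pattern for secret-bearing variable names. It is an assumption
# standing in for however a skill's secret-managed values are actually named.
SECRET_NAME = re.compile(r"(API[_-]?KEY|SECRET|TOKEN|PASSWORD)", re.IGNORECASE)


def scrub_child_env(parent_env, allowlist=()):
    """Build the environment an exec child is allowed to inherit.

    Returns (child_env, stripped_names). Anything whose name looks like a
    secret is dropped unless explicitly allowlisted, so passing one on is opt-in.
    """
    child_env, stripped = {}, []
    for name, value in parent_env.items():
        if name in allowlist or not SECRET_NAME.search(name):
            child_env[name] = value
        else:
            stripped.append(name)
    return child_env, sorted(stripped)


def names_seen_by_child(child_env):
    """Spawn a real child process and return the variable names it observes.

    This is the empirical half of the audit: it checks what the child got,
    not what the parent intended to pass.
    """
    probe = "import os, json; print(json.dumps(sorted(os.environ)))"
    out = subprocess.run(
        [sys.executable, "-c", probe],
        env=child_env, capture_output=True, text=True, check=True,
    )
    return set(json.loads(out.stdout))


def leaked_secret_names(parent_env, allowlist=(), scrub=True):
    """Secret-looking names an exec child would still see (sorted)."""
    child_env = scrub_child_env(parent_env, allowlist)[0] if scrub else dict(parent_env)
    seen = names_seen_by_child(child_env)
    return sorted(n for n in seen if SECRET_NAME.search(n))


@dataclass(frozen=True)
class DeliveryResult:
    adapter_invoked: bool
    adapter_ok: bool
    reason: str = ""

    @property
    def succeeded(self):
        # Success requires that a channel adapter actually ran AND reported ok;
        # a bare early return can never flip this to True.
        return self.adapter_invoked and self.adapter_ok


def deliver(message, channel, adapters):
    """Deliver via the channel's adapter; every early return is a non-success."""
    adapter = adapters.get(channel)
    if adapter is None:
        return DeliveryResult(False, False, f"no adapter registered for {channel!r}")
    if not message.strip():
        return DeliveryResult(False, False, "empty message, nothing to send")
    try:
        ok = adapter(message)
    except Exception as exc:  # the adapter ran but failed
        return DeliveryResult(True, False, f"adapter raised: {exc}")
    return DeliveryResult(True, bool(ok), "" if ok else "adapter reported failure")


# Constructed sample parent environment (placeholder values, not real keys).
PARENT_ENV = {
    "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
    "HOME": "/home/agent",
    "LANG": "C.UTF-8",
    "OPENWEATHER_API_KEY": "placeholder-not-a-real-key",
    "SKILL_SECRET_TOKEN": "placeholder-not-a-real-token",
}

# Constructed stand-in adapter: "sends" by returning True.
ADAPTERS = {"telegram": lambda msg: True}

if __name__ == "__main__":
    print("leaks without scrubbing:", leaked_secret_names(PARENT_ENV, scrub=False))
    print("leaks with scrubbing:   ", leaked_secret_names(PARENT_ENV))
    print("no adapter ->", deliver("hello", "matrix", ADAPTERS))
    print("adapter ok  ->", deliver("hello", "telegram", ADAPTERS))
```

Run it as-is and the unscrubbed child reports both placeholder secrets while the scrubbed child reports none; the delivery half shows that a missing adapter yields `succeeded == False` even though the call returned without error, which is the distinction the status flag has to preserve.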