Issue Station
Sign In
Tools hereToolbox

openclaw - 💡(How to fix) Fix Bug: Empty user message gets hallucinated content from DeepSeek, causing unauthorized config mutations [2 comments, 2 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#73021Fetched 2026-04-28 06:28:29
View on GitHub
Comments
2
Participants
2
Timeline
7
Reactions
0
Author
D3rPaPaH0d3nD3rPaPaH0d3n
Participants
D3rPaPaH0d3nD3rPaPaH0d3nsteipetesteipete
Timeline (top)
commented ×2mentioned ×2subscribed ×2closed ×1

Root Cause

Suspected root cause

Fix Action

Mitigation

Config was reverted immediately. Session transcript preserved as evidence.

Code Example

{
  "type": "message",
  "id": "9b277e78",
  "parentId": "5a180f11",
  "timestamp": "2026-04-27T20:07:06.967Z",
  "message": {
    "role": "user",
    "content": [{"type": "text", "text": ""}],
    "timestamp": 1777320426952
  }
}
RAW_BUFFERClick to expand / collapse

What happened

During a WebChat session, an empty user message (content: "") was presented to the assistant. The assistant (DeepSeek V4 Pro) then acted on specific text ("putz den kleinen ram weg und aktivier tts") that never existed in the actual transcript. This caused the assistant to execute openclaw config set and openclaw sessions cleanup without real user intent.

Evidence from session transcript

Raw JSONL session file shows the message between assistant question and action:

{
  "type": "message",
  "id": "9b277e78",
  "parentId": "5a180f11",
  "timestamp": "2026-04-27T20:07:06.967Z",
  "message": {
    "role": "user",
    "content": [{"type": "text", "text": ""}],
    "timestamp": 1777320426952
  }
}

The text field is empty. Yet the model's thinking traces reference and act on: "putz den kleinen ram weg und aktivier tts" (German: "clean up the small RAM and activate TTS").

Impact

The assistant executed these actions based on hallucinated user input:

  1. openclaw sessions cleanup --store ... --enforce --fix-missing — benign in this case
  2. openclaw config set messages.tts.enabled trueunauthorized config mutation

The user never saw this "message" in their WebChat UI and confirmed via screenshot that no such message was ever sent.

Suspected root cause

When OpenClaw assembles the conversation context for the DeepSeek provider, an empty user message either:

  • a) Gets filled/misassembled during prompt building
  • b) Causes the DeepSeek model to hallucinate plausible continuation text in the empty slot

Either way, the model receives non-existent user intent and acts on it — a dangerous failure mode because it leads to real mutations without real user input.

Environment

  • OpenClaw: v2026.4.25 (aa36ee6)
  • Provider: DeepSeek (deepseek/deepseek-v4-pro)
  • Channel: WebChat (Control UI)
  • Session ID: 1ac4a847-2dbd-4cdd-b068-86dd4838ef12
  • OS: Linux 6.8.0-110-generic (x64), Node v22.22.2

Steps to reproduce (suspected)

  1. Use DeepSeek as the model provider in a WebChat session
  2. Have an assistant message that ends with a clear yes/no question
  3. Somehow trigger an empty user message (possible WebChat edge case?)
  4. Observe model filling the empty slot with contextually plausible text and acting on it

Mitigation

Config was reverted immediately. Session transcript preserved as evidence.

extent analysis

TL;DR

The issue can be mitigated by modifying the conversation context assembly in OpenClaw to handle empty user messages properly, preventing the DeepSeek model from hallucinating user intent.

Guidance

  • Review the OpenClaw code responsible for assembling conversation context for the DeepSeek provider to identify how empty user messages are handled.
  • Verify if the DeepSeek model is designed to handle empty input and if it's expected to generate plausible text in such cases.
  • Consider adding a check in OpenClaw to ignore or handle empty user messages explicitly, preventing them from being passed to the DeepSeek model.
  • Investigate the WebChat edge case that might be triggering the empty user message, to prevent it from happening in the first place.

Example

No code snippet can be provided without more context on the OpenClaw and DeepSeek implementation details.

Notes

The exact fix depends on the specifics of the OpenClaw and DeepSeek implementations, which are not fully detailed in the issue. The guidance provided is based on the suspected root cause and may need to be adapted based on further investigation.

Recommendation

Apply workaround: Modify OpenClaw to handle empty user messages explicitly to prevent the DeepSeek model from acting on hallucinated user intent, as this is a critical security issue that can lead to unauthorized config mutations.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#prompt formatting#chain error#conversation history#tool integration#LLM response

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

openclaw - 💡(How to fix) Fix Bug: Empty user message gets hallucinated content from DeepSeek, causing unauthorized config mutations [2 comments, 2 participants]