openclaw - 💡(How to fix) Fix [Bug]: openclaw-doctor silently self-triggers "npm install -g openclaw@latest" when a default-enabled plugin requires a newer version [1 comments, 2 participants]

Bug type

Behavior bug

Summary

On a service-managed Linux host running openclaw-gateway.service, openclaw-doctor silently issues npm install -g openclaw@latest --no-fund --no-audit --loglevel error against the global package whenever a bundled, default-enabled plugin (e.g. feishu, whatsapp) declares a minimum OpenClaw version higher than the one currently installed. This silently undoes a deliberate downgrade.

Steps to reproduce

1. Linux host, OpenClaw installed via npm install -g openclaw, gateway running as openclaw-gateway.service. Current version 2026.4.24.
2. Downgrade: npm install -g [email protected], restart the gateway.
3. Do not edit openclaw.json; leave default-enabled bundled plugins (feishu, whatsapp) enabled.
4. Within a few minutes the gateway logs:

   Invalid config at <state-dir>/openclaw.json:
   - plugins.entries.feishu:   plugin requires OpenClaw >=2026.4.24, but this host is 2026.4.23; skipping load
   - plugins.entries.whatsapp: plugin requires OpenClaw >=2026.4.24, but this host is 2026.4.23; skipping load
   Killing process <PID> (openclaw-doctor) with signal SIGKILL
   Killing process <PID> (npm install @anthropic-ai/sdk ...) with signal SIGKILL

5. ~/.npm/_logs/<ts>-debug-0.log shows:

   verbose title npm i openclaw@latest
   verbose argv "i" "--global" "openclaw@latest" "--no-fund" "--no-audit" "--loglevel" "error"
   silly fetch manifest [email protected]
   silly placeDep ROOT [email protected] OK

6. After the next restart the host is back on 2026.4.24 and the downgrade has been silently undone.

Expected behavior

Either:

• the doctor refuses to satisfy requires OpenClaw >= X by self-upgrading, and instead surfaces an actionable warning ("plugin X needs newer OpenClaw; either run 'openclaw update' or set enabled: false for this plugin"), or
• the self-upgrade is gated behind explicit opt-in (env var, config flag, or interactive confirmation). I could not find a documented opt-out — OPENCLAW_NO_AUTO_UPDATE and similar do not appear in the shipped bundle. Only OPENCLAW_UPDATE_IN_PROGRESS and OPENCLAW_NO_RESPAWN are referenced.

Actual behavior

The doctor silently issues npm install -g openclaw@latest. There is no [gateway] update started / [doctor] auto-upgrading log line that frames this as an automated update. The user only sees the killed-during-shutdown stragglers in the journal.

Workaround

Add the offending plugins to openclaw.json with enabled: false:

{
  "plugins": {
    "entries": {
      "feishu":   { "enabled": false },
      "whatsapp": { "enabled": false }
    }
  }
}

After that, the doctor stops self-triggering the upgrade and the downgrade is stable across restarts.

Environment

• OpenClaw: 2026.4.24, downgrade attempted to 2026.4.23
• OS: Linux, npm global install, systemd user service openclaw-gateway.service

Related

• #64892 — covers the agent-explicitly-asked self-upgrade case; this is the automatic, unprompted variant.
• #72206 — the 2026.4.24 cli-backend bug that motivates downgrading in the first place.