openclaw - 💡(How to fix) Fix webchat: system prompt context (MemOS <memories> block + startup instructions) leaked into user-visible chat [1 participants]

GitHub stats: openclaw/openclaw#58821, fetched 2026-04-08 02:32:20
Comments: 0 · Participants: 1 · Timeline: 0 · Reactions: 0

[Webchat] `<memories>` Block and System Startup Prompt Visible to User

Problem

When starting a new session via `/new` or `/reset` in the webchat channel, the user-visible chat UI renders raw internal system context that should be hidden:

1. MemOS `<memories>` XML block

The full memory recall block injected by `memos-cloud-openclaw-plugin` appears verbatim in the chat:

```xml
<memories>
<facts>
-[2026-04-01 15:15] On April 1, 2026, at 3:15 PM (Asia/Shanghai), the assistant successfully executed...
-[2026-04-01 14:04] The user requested to continue from where they left off...
...
</facts>
<preferences>
-[2026-04-01 10:55] [Explicit Preference] The assistant should not mention...
...
</preferences>
</memories>
```

2. English System Startup Prompt

The raw session startup instructions are also visible:

```
A new session was started via /new or /reset. Run your Session Startup sequence... Do not mention internal steps, files, tools, or reasoning. Current time: Wednesday, April 1st, 2026 — 15:15 (Asia/Shanghai)
```

Both blocks are confirmed to be system-prompt-only content (injected for the LLM's context, not intended for user consumption). The same setup does not show these blocks in Telegram DM, suggesting this is specific to the webchat message rendering pipeline.

Environment

  • OpenClaw: v2026.3.31
  • Channel: webchat (not reproduced on Telegram)
  • Memory Plugin: memos-cloud-openclaw-plugin @0.1.11
  • OS: Windows_NT 10.0.26220
  • Config: `plugins.entries.memos-cloud-openclaw-plugin` enabled with default recall settings

Expected Behavior

`<memories>`, `Original Query` wrapper text, and system startup instructions should:

  • Be delivered only as system/context messages to the LLM
  • Not appear in the user-facing chat UI at all

Actual Behavior

All of the above is rendered as plain user-visible text in the webchat UI on every `/new` session startup.

Notes

  • No existing GitHub issues were found for this specific webchat rendering leak
  • Related leaks exist on other surfaces: #58788 (gateway logs in Telegram), #58783 (exec approval messages leaking to wrong topics)
  • This happens on every new session, so it's highly visible to users

Suggested Fix

Add a filter/rendering pass in the webchat UI to strip or hide any inbound messages matching known internal context patterns (e.g. `<memories>` blocks, `Original Query` headers, system prompt envelopes) before displaying them in the chat view.

extent analysis

TL;DR

Add a filtering mechanism to the webchat UI to exclude internal context messages, such as <memories> blocks and system startup prompts, from being displayed to users.

Guidance

  • Identify the specific patterns of internal context messages that need to be filtered out, such as <memories> blocks and system startup prompts.
  • Implement a rendering pass in the webchat UI to strip or hide these messages before displaying them in the chat view.
  • Consider using a whitelist approach to only display messages that are explicitly marked as user-facing.
  • Verify that the filtering mechanism is working correctly by testing it with different types of internal context messages.

Example

```javascript
// Example of filtering out internal context messages
function filterInternalMessages(message) {
  // Non-string input cannot be matched against the patterns; show nothing
  if (typeof message !== 'string') {
    return null;
  }
  if (message.includes('<memories>')) {
    return null; // or an empty string
  }
  if (message.startsWith('A new session was started via /new or /reset.')) {
    return null; // or an empty string
  }
  return message;
}
```
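The whitelist approach from the Guidance list, with pattern stripping kept as a second layer, is sketched below as an added example (not code from the issue or from OpenClaw). The message shape with `role`, `userFacing` and `text` fields is an assumption, and the sample messages are constructed.

```javascript
// Added example. Message fields (role, userFacing, text) are assumed, not OpenClaw's schema.
const STARTUP_PREFIX = 'A new session was started via /new or /reset.';
const MEMORIES_BLOCK = /<memories>[\s\S]*?<\/memories>/gi;
const MEMORIES_OPEN = /<memories>/i;

// Returns the text that is safe to render, or null when nothing should be shown.
function toDisplayText(msg) {
  // Layer 1 (allowlist): render only messages explicitly marked user-facing.
  // A missing flag counts as "not user-facing", so new internal types stay hidden.
  if (!msg || msg.userFacing !== true) return null;
  if (msg.role !== 'user' && msg.role !== 'assistant') return null;
  if (typeof msg.text !== 'string') return null;

  // Layer 2 (pattern strip): remove complete <memories> blocks but keep
  // whatever real text shares the message with them.
  let text = msg.text.replace(MEMORIES_BLOCK, '');

  // Fail closed on an unterminated block: drop everything from the open tag on.
  const open = text.search(MEMORIES_OPEN);
  if (open !== -1) text = text.slice(0, open);

  // The startup envelope is wholly internal, so the entire message is dropped.
  text = text.trim();
  if (text.startsWith(STARTUP_PREFIX)) return null;
  return text.length > 0 ? text : null;
}

// Applies the filter to a transcript and returns only the renderable strings.
function renderable(messages) {
  return messages.map(toDisplayText).filter((t) => t !== null);
}

// Constructed sample transcript covering each case.
const sample = [
  { role: 'system', userFacing: false, text: '<memories><facts>-[2026-04-01 15:15] ...</facts></memories>' },
  { role: 'user', userFacing: true, text: '<memories>\n<facts>...</facts>\n</memories>\nWhat is on my calendar?' },
  { role: 'user', userFacing: true, text: 'A new session was started via /new or /reset. Run your Session Startup sequence...' },
  { role: 'assistant', userFacing: true, text: 'Hello! <memories><preferences>...' },
  { role: 'assistant', text: 'No flag set, so this is not rendered.' },
];

console.log(renderable(sample));
```

The `Original Query` wrapper is not handled here because the issue does not show its format.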

Notes

  • The filtering mechanism should be specific to the webchat UI, as the issue does not occur on other channels like Telegram.
  • The fix should be tested thoroughly to ensure that it does not introduce any unintended side effects or security vulnerabilities.

Recommendation

Apply a workaround by implementing a filtering mechanism in the webchat UI to exclude internal context messages, as the root cause of the issue is likely related to the rendering pipeline specific to the webchat channel.
