Description
At the API key prompts during nemoclaw onboard (Options 2 OpenAI, 4 Anthropic, 6 Google Gemini, and possibly 8 Model Router), the documented navigation keywords back and exit are accepted as the literal API key value. The wizard masks the input as ****, then stages a credential like OPENAI_API_KEY=back or ANTHROPIC_API_KEY=exit into the OpenShell gateway.
The doc (get-started/quickstart.html) explicitly promises:
"At any prompt, press Enter to accept the default ... type back to return to the previous prompt, or type exit to quit."
…so this contradicts the contract. Users who try to navigate end up with bad credentials silently staged. The only escape from a key prompt is to enter ANY value, then exit via the post-validation recovery menu (which itself masks input but does honor keywords correctly).
Environment
Host: macOS 26.1
Architecture: arm64 (Apple Silicon M4)
Container runtime: Colima
NemoClaw: v0.0.44
OpenShell CLI: 0.0.39
OpenClaw: 2026.4.24
Steps to Reproduce
nemoclaw onboard- At the provider picker, choose Option 2 (OpenAI), 4 (Anthropic), or 6 (Google Gemini).
- At the API key prompt (e.g.
OpenAI API key:), type: back
- Press Enter.
- Observe the wizard accepts
back as the key (input masked to ****), continues to model selection.
- Repeat with the literal word
exit at the key prompt — same behavior.
Expected Result
Either of:
back returns to the provider picker, exit aborts onboard cleanly (matches the doc-promised behavior of "any prompt"); OR- The wizard rejects
back / exit at the key prompt with a clear message, e.g. "Navigation keywords are not honored here — enter a valid API key, or press Ctrl-C to abort."
Both options leave the user with no silently-staged bad credential.
Actual Result
The wizard accepts back / exit as the literal API key value, masks display as ****, and stages OPENAI_API_KEY=back (or ANTHROPIC_API_KEY=exit, GEMINI_API_KEY=exit) into the gateway as if it were a real key. Validation then fails or succeeds depending on provider, but in either case the user has no easy way back.
OPENAI_API_KEY=**** (staged)
Affected Options
Options 2 (OpenAI), 4 (Anthropic), 6 (Google Gemini) confirmed.
Option 8 (Model Router) skipped this prompt entirely on the test host because NVIDIA_API_KEY was already exported — could not verify, but the same key-input path likely applies.
Contrast — where keywords DO work
- URL prompts (Options 3 OpenAI-compatible, 5 NVIDIA NIM endpoint, 8 model router URL):
back works correctly → "Returning to provider selection."
- Model picker:
exit works correctly.
- Post-validation recovery prompt (
retry/back/exit [retry]:): all three honored.
So the bug is scoped specifically to the masked-input (API key) path.
Proposed Fix
Before accepting a masked-input value as the credential, check for the literal strings back, exit, ?, help and treat them as control keywords — same dispatcher used by the URL/model prompts.
If the team prefers to keep masked input pure (no in-band keywords), at minimum print an inline hint (masked: press Ctrl-C to abort) so users stop trying back/exit, AND update the doc to say keywords are not honored at credential prompts.
Cleanup note (positive observation)
Aborting at the Review step (n) prints:
"Credentials entered so far were only staged in memory for this run. No new gateway credential was registered because onboarding stopped here."
So the bad OPENAI_API_KEY=back / ANTHROPIC_API_KEY=exit values were never persisted on this test run — but only because the user happened to abort at Review. If they had confirmed Y at Review, the bad key would have shipped to the gateway. The in-memory-only staging is good product behavior worth documenting explicitly.
Logs
Not captured beyond the diagnostic shown above. Full validation transcript at nemoclaw-test/nemoclaw-doc-validation-2026-05-18.md (section "Critical #1").
NVB#6187084
Description
At the API key prompts during
nemoclaw onboard(Options 2 OpenAI, 4 Anthropic, 6 Google Gemini, and possibly 8 Model Router), the documented navigation keywordsbackandexitare accepted as the literal API key value. The wizard masks the input as****, then stages a credential likeOPENAI_API_KEY=backorANTHROPIC_API_KEY=exitinto the OpenShell gateway.The doc (
get-started/quickstart.html) explicitly promises:…so this contradicts the contract. Users who try to navigate end up with bad credentials silently staged. The only escape from a key prompt is to enter ANY value, then exit via the post-validation recovery menu (which itself masks input but does honor keywords correctly).
Environment
Steps to Reproduce
nemoclaw onboardOpenAI API key:), type:backbackas the key (input masked to****), continues to model selection.exitat the key prompt — same behavior.Expected Result
Either of:
backreturns to the provider picker,exitaborts onboard cleanly (matches the doc-promised behavior of "any prompt"); ORback/exitat the key prompt with a clear message, e.g. "Navigation keywords are not honored here — enter a valid API key, or press Ctrl-C to abort."Both options leave the user with no silently-staged bad credential.
Actual Result
The wizard accepts
back/exitas the literal API key value, masks display as****, and stagesOPENAI_API_KEY=back(orANTHROPIC_API_KEY=exit,GEMINI_API_KEY=exit) into the gateway as if it were a real key. Validation then fails or succeeds depending on provider, but in either case the user has no easy way back.Affected Options
Options 2 (OpenAI), 4 (Anthropic), 6 (Google Gemini) confirmed.
Option 8 (Model Router) skipped this prompt entirely on the test host because
NVIDIA_API_KEYwas already exported — could not verify, but the same key-input path likely applies.Contrast — where keywords DO work
backworks correctly → "Returning to provider selection."exitworks correctly.retry/back/exit [retry]:): all three honored.So the bug is scoped specifically to the masked-input (API key) path.
Proposed Fix
Before accepting a masked-input value as the credential, check for the literal strings
back,exit,?,helpand treat them as control keywords — same dispatcher used by the URL/model prompts.If the team prefers to keep masked input pure (no in-band keywords), at minimum print an inline hint
(masked: press Ctrl-C to abort)so users stop tryingback/exit, AND update the doc to say keywords are not honored at credential prompts.Cleanup note (positive observation)
Aborting at the Review step (
n) prints:So the bad
OPENAI_API_KEY=back/ANTHROPIC_API_KEY=exitvalues were never persisted on this test run — but only because the user happened to abort at Review. If they had confirmedYat Review, the bad key would have shipped to the gateway. The in-memory-only staging is good product behavior worth documenting explicitly.Logs
Not captured beyond the diagnostic shown above. Full validation transcript at
nemoclaw-test/nemoclaw-doc-validation-2026-05-18.md(section "Critical #1").NVB#6187084