Skip to content

[Ubuntu 24.04][Agent&Skills] Nano Omni 30B hallucinates policy restrictions when no tools configured — claims /tmp blocked, network blocked #4850

Closed
Bug
#4875
Closed
[Ubuntu 24.04][Agent&Skills] Nano Omni 30B hallucinates policy restrictions when no tools configured — claims /tmp blocked, network blocked#4850
Bug
#4875
Labels
NV QABugs found by the NVIDIA QA Teamarea: inferenceInference routing, serving, model selection, or outputsplatform: ubuntuAffects Ubuntu Linux environmentsv0.0.61Release target
@hulynn

Description

@hulynn
hulynn
opened on Jun 5, 2026

Description

When nvidia/nemotron-3-nano-omni-30b-a3b-reasoning is asked to write a file or fetch a URL, it invents false policy restrictions rather than reporting that no tool is available. It claims /tmp is "blocked by operator" and "network access is blocked" — both incorrect. /tmp is writable (confirmed via docker exec) and the actual issue is that no file-write or bash-execute tools are configured in openclaw.json. Instead of honestly saying "I don't have a tool to do this," the model fabricates policy errors, misleading users into thinking they need to change policies rather than configure tools.

Environment

Device:        Ubuntu 24.04 server (galaxy-sku2-018, aarch64)
OS:            Ubuntu 24.04.4 LTS
Architecture:  aarch64
Node.js:       v22.22.3
npm:           10.9.8
Docker:        29.5.2
OpenShell CLI: 0.0.44
NemoClaw:      v0.0.59
OpenClaw:      2026.5.27 (27ae826)

Steps to Reproduce

  1. nemoclaw onboard with nvidia/nemotron-3-nano-omni-30b-a3b-reasoning (NVIDIA Endpoints)
  2. nemoclaw my-assistant connect && openclaw tui
  3. Send: Create a file called hello.py in /tmp with a simple hello world script, then run it.
  4. Observe model response
  5. Verify: docker exec -u sandbox <container> bash -c "echo test > /tmp/test.txt && echo SUCCESS"

Expected Result

Model responds: "I don't have a file-writing tool available in this session. I can show you the code but cannot create or run the file directly." (or similar honest response)

Actual Result

Model response (step 3):

"Access to the /tmp directory is currently blocked in this sandboxed environment.
 I cannot create /tmp/hello.py or execute it without operator approval to adjust
 the filesystem policy."

Verification (step 5): SUCCESS/tmp IS writable by the sandbox user.

Additional test — web fetch:

  • Request: Fetch the content of https://httpbin.org/get and summarize
  • Response: "Network access is currently blocked in this sandbox, so I cannot fetch https://httpbin.org/get."
  • Reality: The model has no web_fetch tool configured. It did not attempt a tool call. Instead it fabricated a total network blockage message.

Logs

openclaw.json tool section:

{"tools": {"toolSearch": true, "web": {"fetch": {"enabled": true}}}}

No bash_execute, write_file, or code-execution tools are present. The model was not given accurate information about which tools are available.

docker exec verification:

docker exec -u sandbox <container> bash -c "echo test > /tmp/test.txt && echo SUCCESS"
SUCCESS

NVB#6272826

Metadata

Metadata

Assignees

No one assigned

    Labels

    NV QABugs found by the NVIDIA QA Teamarea: inferenceInference routing, serving, model selection, or outputsplatform: ubuntuAffects Ubuntu Linux environmentsv0.0.61Release target

    Type

    Bug

    Fields

    No fields configured for Bug.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions