Grok (xAI) tool_call arguments are HTML-entity encoded, breaking exec tool #35173
Description
Bug: Grok (xAI) tool_call arguments are HTML-entity encoded, breaking exec tool
Summary
When using xai/grok-4-1-fast as the model for an agent, the exec tool calls have their command argument HTML-entity encoded. This causes all shell commands containing &&, quotes, <, > to fail with parse errors.
Reproduction
- Configure an agent with
"model": "xai/grok-4-1-fast"in openclaw.json - Send a message that requires shell command execution (e.g.,
source .env && psql "$DATABASE_URL" -c "SELECT 1") - Grok returns tool_call arguments like:
{"command": "source .env && psql "$DATABASE_URL" -c "SELECT 1""} - OpenClaw passes the HTML-encoded string directly to the shell
- Shell fails:
zsh:1: parse error near ';&'
Expected behavior
Tool call arguments should be HTML-decoded before being passed to the exec tool. The shell should receive:
source .env && psql "$DATABASE_URL" -c "SELECT 1"
Observed in session transcript
{
"type": "toolCall",
"name": "exec",
"arguments": {
"command": "cd ~/dev/vibe/caracle && source .env && psql "$DATABASE_URL_SESSION" -c "SELECT ...""
}
}All 5 parallel tool calls in the session failed with the same parse error near ';&'.
Environment
- OpenClaw version: 2026.2.26
- Model: xai/grok-4-1-fast
- Shell: zsh (would also fail in bash — HTML entities aren't valid in any shell)
- OS: Ubuntu 24.04
Workaround
Switch to google/gemini-3-flash-preview which does not HTML-encode tool arguments.
Possible fix
HTML-decode tool_call argument values before passing them to tool executors, or decode specifically in the xAI provider adapter when parsing the API response.