[Bug]: Binary files (.doc) should not be auto-embedded as text content

[rilweic]

Bug type

Behavior bug (incorrect output/state without crash)

Summary

When receiving .doc files (MIME: application/x-cfb), OpenClaw core
auto-reads the binary content and embeds it into the prompt as text,
causing 70KB of garbage data and "high risk" rejections.
Expected: .doc files should be treated as binary attachments, not text.
Suggested: Use pandoc/catdoc to convert to text before embedding,
or skip content embedding for known binary formats.

Steps to reproduce

1. Send a .doc file (Microsoft Word 97-2003 format) to OpenClaw via Feishu channel
2. The file MIME type is application/x-cfb (binary OLE format)
3. OpenClaw core auto-reads the binary content and embeds it into the prompt
4. Result: 70KB of binary garbage data is inserted into the conversation history
5. Subsequent messages fail with "high risk" error from the LLM provider

Expected behavior

1. When receiving a .doc file, OpenClaw should either:

   • Skip embedding binary content (treat as attachment only)
   • OR convert to text first using tools like pandoc/catdoc

2. The conversation history should only contain clean text content,
   not raw binary data from .doc files

3. Subsequent messages should continue to work normally without
   "high risk" errors

Actual behavior

OpenClaw treats .doc binary files as text and embeds raw binary
content into prompts, causing LLM "high risk" rejections and
corrupted conversation sessions.

OpenClaw version

OpenClaw 2026.3.23-2

Operating system

Linux mint

Install method

No response

Model

kimi code 2.5

Provider / routing chain

feishu -> openclaw -> kimi-coding

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

No response

[lndyzwdxhs]

Fixed in #54190
Root cause: isBinaryMediaMime() didn't recognize application/x-cfb or application/msword as binary MIME
types.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Keep open. Current main still lacks the legacy Word/OLE MIME guard in the media-understanding prompt embedding path, the latest release tag shows the same gap, and #73799 is an open implementation candidate that references this issue with closing syntax.

Required change / next step:

Do not queue a duplicate repair job because #73799 is already an open implementation PR for the same issue; the next action is maintainer review, update, merge, or intentional replacement of that PR.

Security review:

Security review: No patch is being reviewed; this issue concerns existing prompt embedding behavior for binary attachments.

Review details

Best possible solution:

Land #73799 or an equivalent narrow patch that treats application/x-cfb and application/msword as binary in src/media-understanding/apply.ts, preserves vendor +json and +xml text behavior, and adds focused regression tests in src/media-understanding/apply.test.ts.

What I checked:

• Current binary MIME guard omits legacy Word/OLE types: isBinaryMediaMime() handles image/audio/video, octet-stream, archive MIME types, +zip, and non-JSON/XML application/vnd.*, but it has no branch for application/x-cfb or application/msword. (src/media-understanding/apply.ts:349, 7c51cd2baf1c)
• Prompt embedding path depends on that guard: extractFileBlocks() skips an attachment before text heuristics only when isBinaryMediaMime(normalizedRawMime) returns true; otherwise it can coerce text-like bytes to text/plain and pass them into extractFileContentFromSource(). (src/media-understanding/apply.ts:430, 7c51cd2baf1c)
• Fallback binary signature check only covers ZIP markers: hasSuspiciousBinarySignal() returns false unless the first bytes match PK ZIP signatures, so it does not independently catch OLE/CFB .doc magic bytes. (src/media-understanding/apply.ts:265, 7c51cd2baf1c)
• Focused regression coverage is still absent: Nearby tests cover ZIP-based application/vnd.* Office attachments and vendor +json, and a focused search found no application/x-cfb or application/msword cases in the media-understanding apply tests. (src/media-understanding/apply.test.ts:1603, 7c51cd2baf1c)
• Adjacent MIME helpers do not fix this path: src/media/web-media.ts recognizes application/msword and separately allows sniffed application/x-cfb for .doc/.ppt/.xls, but that host-read validation is separate from the media-understanding prompt embedding guard. (src/media/web-media.ts:99, 7c51cd2baf1c)
• Latest release still lacks the fix: The v2026.4.26 tag has the same isBinaryMediaMime() behavior and the same nearby tests without application/x-cfb or application/msword coverage. (src/media-understanding/apply.ts:349, be8c24633aaa)

Likely related people:

• Peter Steinberger: Prior ClawSweeper context in this issue routes the central media-understanding implementation and tests around isBinaryMediaMime() to Peter's recent work in this file family. (role: recent media-understanding maintainer; confidence: medium; commits: a972c9ec4547, 6a67f6556885, 992b30604da7; files: src/media-understanding/apply.ts, src/media-understanding/apply.test.ts)
• lndyzwdxhs: The issue discussion identifies the missing application/x-cfb and application/msword handling as the root cause, and fix: treat application/x-cfb and application/msword as binary MIME types #54190 attempted the same narrow guard and tests. (role: root-cause commenter and prior focused fix author; confidence: medium; commits: 4edf64612ac3; files: src/media-understanding/apply.ts, src/media-understanding/apply.test.ts)
• andyliu: fix(media): treat legacy .doc containers as binary #54380 carried the same legacy Word/OLE binary guard and is credited as the source for the current open replacement PR fix(media): treat legacy Word docs as binary attachments #73799. (role: prior replacement fix author; confidence: medium; commits: c6f01584d0f2; files: src/media-understanding/apply.ts, src/media-understanding/apply.test.ts)

Remaining risk / open question:

• Legacy .doc/OLE attachments with application/x-cfb or application/msword can still reach text-like extraction on current main and pollute prompt history or trigger provider filtering.
• The requested behavior is not locked by focused regression coverage until fix(media): treat legacy Word docs as binary attachments #73799 or an equivalent patch lands.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 7c51cd2baf1c.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Keep open. Current main still lacks the legacy Word/OLE MIME guard in the media-understanding prompt embedding path, and an open implementation PR now references this issue with closing syntax, so the issue should wait for that PR or an equivalent fix to land.

Required change / next step:

Not queueing another repair job because #73799 is already an open implementation PR for this issue; the next action is maintainer review, update, or merge of that PR rather than creating a duplicate fix branch.

Review details

Best possible solution:

Land #73799 or an equivalent narrow patch that treats application/x-cfb and application/msword as binary in src/media-understanding/apply.ts, with focused tests in src/media-understanding/apply.test.ts; close this issue only after that fix is on main.

What I checked:

• Current binary MIME guard omits legacy Word MIME types: isBinaryMediaMime() handles image/audio/video, octet-stream, common archives, +zip, and non-JSON/XML application/vnd.* payloads, but it has no application/x-cfb or application/msword branch. (src/media-understanding/apply.ts:349, acae48b790fa)
• Prompt embedding path still depends on that guard: extractFileBlocks() skips binary attachments only when isBinaryMediaMime(normalizedRawMime) returns true, then falls through to generic suspicious-byte and text-like heuristics. (src/media-understanding/apply.ts:430, acae48b790fa)
• Focused regression coverage is missing on main: Nearby tests cover ZIP-based application/vnd.* Office attachments and vendor +json, but repository search found no application/x-cfb or application/msword regression test in the media-understanding path. (src/media-understanding/apply.test.ts:1603, acae48b790fa)
• Related MIME helpers do not cover this path: Core media helpers know application/msword, and host-read validation separately permits sniffed application/x-cfb for .doc/.ppt/.xls, but that is not the isBinaryMediaMime() guard used before prompt embedding. (src/media/web-media.ts:252, acae48b790fa)
• Open implementation candidate exists: Provided GitHub context lists fix(media): treat legacy Word docs as binary attachments #73799 as open, unmerged, and explicitly intended to fix this issue by adding the two MIME guards and regression coverage; git ls-remote confirms its current head ref f4c42383aed1322574714e6515cb0d88070d60b2 and merge ref exist. (f4c42383aed1)
• Code history routing: Current checkout blame/log points the central media-understanding implementation and tests at commit a972c9ec45477735266d5501780e094468f859cd by Peter Steinberger; prior focused unmerged fixes in the provided context were authored by lndyzwdxhs and andyliu. (src/media-understanding/apply.ts:349, a972c9ec4547)

Likely related people:

• Peter Steinberger: Current git blame and git log -S'isBinaryMediaMime' route the central isBinaryMediaMime() implementation and media-understanding tests in this checkout to Peter's commit. (role: current media-understanding maintainer; confidence: high; commits: a972c9ec4547; files: src/media-understanding/apply.ts, src/media-understanding/apply.test.ts)
• lndyzwdxhs: The issue discussion identifies the missing application/x-cfb/application/msword handling as the root cause, and the provided context shows lndyzwdxhs authored the first focused unmerged PR fix: treat application/x-cfb and application/msword as binary MIME types #54190 against the same files. (role: prior focused fix author and root-cause commenter; confidence: medium; commits: 4edf64612ac3; files: src/media-understanding/apply.ts, src/media-understanding/apply.test.ts)
• andyliu: The provided context shows andyliu authored the later unmerged source PR fix(media): treat legacy .doc containers as binary #54380, which fix(media): treat legacy Word docs as binary attachments #73799 credits as the base for the current open implementation candidate. (role: prior replacement fix author; confidence: medium; commits: c6f01584d0f2; files: src/media-understanding/apply.ts, src/media-understanding/apply.test.ts)

Remaining risk / open question:

• Legacy .doc/OLE attachments with application/x-cfb or application/msword can still reach text-like extraction on current main and pollute prompts or trigger provider filtering.
• The requested skip behavior is not locked by focused regression coverage until fix(media): treat legacy Word docs as binary attachments #73799 or an equivalent patch lands.

Codex review notes: model gpt-5.5, reasoning high; reviewed against acae48b790fa.