Bug type
Behavior bug (incorrect output/state without crash)
Beta release blocker
Yes
Summary
A recurring isolated cron run on Kimi received the correct prompt, then diverged into unrelated Chinese task context and emitted malformed tool calls. OpenClaw subsequently attempted unintended browser actions, including opening unrelated domains such as baidu.com. This appears more severe than simple wrong-language output because the contamination affected tool execution, not just final text.
Steps to reproduce
Not reliably reproducible.
Observed in a setup using recurring isolated cron agentTurn jobs on:
• kimi/kimi-code
• fallback: kimi/kimi-linear
Expected behavior
The cron job should stay within its own task and emit valid tool calls only.
Actual behavior
Observed symptoms:
• unrelated Chinese task context appeared inside the cron run
• malformed tool-call arguments were generated
• invalid file paths were attempted
• browser-open attempts targeted unrelated URLs including Baidu and Eastmoney
• repeated retries caused notification spam
OpenClaw version
2026.4.8
Operating system
macOS Tahoe 26.3.1 (a)
Install method
Local gateway install
Model
kimi/kimi-code
Provider / routing chain
Kimi, with fallback to kimi/kimi-linear
Additional provider/model setup details
This incident occurred after migrating recurring cron jobs from Anthropic/Haiku to Kimi. The affected job ran as an isolated cron agentTurn on kimi/kimi-code with fallback to kimi/kimi-linear. The saved cron payload on disk was correct, so the failure appears to have been introduced at runtime inside the isolated run rather than by a bad stored prompt or config.
Logs, screenshots, and evidence
The stored cron payload on disk was correct and did not contain the unrelated Chinese-finance task content. However, the isolated cron run session itself diverged into unrelated Chinese task context, produced malformed tool arguments, attempted invalid file paths, and triggered browser-open attempts to unrelated domains including https://www.baidu.com.
Impact and severity
High / security-sensitive.
If the malformed tool calls had happened to be valid in the local environment, unintended actions could have succeeded.
Additional information
• Stored cron payload on disk was correct
• Problem occurred during the isolated run itself, not in the saved cron definition
• May be related to #62580, but this case appears more severe because it crossed into tool execution
• Suspected cause may involve some combination of provider/model contamination, isolated cron session reuse, and brittle tool-call parsing/execution of corrupted output
• This cron was migrated from Anthropic Haiku; cron behaved as expected on Haiku
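
Added example, not part of the original report and not OpenClaw's own code: one way to fail closed on the "brittle tool-call parsing/execution of corrupted output" suspected above is to validate every model-emitted tool call against a per-job policy before anything executes, and to stop the run at the first rejection rather than retry. The tool names, argument keys, allowlisted host and sample calls are assumptions constructed for illustration.

```javascript
// Hypothetical per-job policy: tool names, argument keys and hosts are assumptions.
const POLICY = {
  tools: { "browser.open": ["url"], "file.read": ["path"] },
  allowedHosts: new Set(["status.example.org"]),
};
const deny = (reason) => ({ ok: false, reason });

// Decide whether one raw tool call emitted by the model may be executed.
function validateToolCall(raw, policy = POLICY) {
  let call;
  try { call = JSON.parse(raw); } catch { return deny("malformed JSON"); }
  if (call === null || typeof call !== "object" || Array.isArray(call)) return deny("call is not an object");
  const { name, arguments: args } = call;
  if (typeof name !== "string" || !Object.prototype.hasOwnProperty.call(policy.tools, name)) return deny("tool not allowed for this job");
  if (args === null || typeof args !== "object" || Array.isArray(args)) return deny("arguments are not an object");
  // Exact argument set, all non-empty strings: no missing, extra or nested values.
  const keys = Object.keys(args).sort();
  const expected = [...policy.tools[name]].sort();
  if (keys.length !== expected.length || keys.some((k, i) => k !== expected[i])) return deny("unexpected argument set");
  if (keys.some((k) => typeof args[k] !== "string" || args[k] === "")) return deny("argument is not a non-empty string");
  if (name === "browser.open") {
    let url;
    try { url = new URL(args.url); } catch { return deny("unparseable URL"); }
    if (url.protocol !== "https:") return deny("non-https URL");
    if (!policy.allowedHosts.has(url.hostname)) return deny("host not allowlisted: " + url.hostname);
  }
  // Conservative file rule: relative paths only, no ".." segments.
  if (name === "file.read" && (args.path.startsWith("/") || args.path.split(/[\\\/]/).includes(".."))) return deny("path escapes workspace");
  return { ok: true, reason: "allowed" };
}

// Constructed sample of model output from one run (not taken from the report's logs).
const SAMPLE_CALLS = [
  '{"name":"browser.open","arguments":{"url":"https://status.example.org/health"}}',
  '{"name":"browser.open","arguments":{"url":"https://www.baidu.com"}}',
  '{"name":"browser.open","arguments":{"url":"https://www.baidu.com"',
  '{"name":"file.read","arguments":{"path":"../../etc/passwd"}}',
  '{"name":"shell.exec","arguments":{"cmd":"ls"}}',
];

// Fail closed: stop the run at the first rejected call instead of retrying.
function auditRun(calls, policy = POLICY) {
  const decisions = [];
  for (const raw of calls) {
    decisions.push(validateToolCall(raw, policy));
    if (!decisions[decisions.length - 1].ok) break;
  }
  return decisions;
}
```

On the constructed sample, `auditRun(SAMPLE_CALLS)` allows the first call and halts on the second, so the truncated and out-of-policy calls that follow are never reached.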