Bug type
Behavior bug (incorrect output/state without crash)
Beta release blocker
No
Summary
Configuring a paid Google Gemini API key switched the default model to Gemini and caused the existing main-workspace heartbeat to start consuming paid Gemini API in the background before any intentional user chat.
Steps to reproduce
- Install and start OpenClaw on macOS.
- Use a main workspace where heartbeat is enabled with the default 30-minute cadence and the workspace contains a non-empty HEARTBEAT.md.
- Configure a paid Google Gemini / GCP API key through the OpenClaw setup flow.
- Observe that the Google plugin becomes enabled and the default model changes to a Google Gemini model.
- Leave OpenClaw running.
- Observe periodic heartbeat runs using the Google model and consuming paid API usage.
Expected behavior
Configuring a paid provider should not silently convert existing background heartbeat activity into paid usage. OpenClaw should either avoid automatically switching the default model, avoid letting heartbeat inherit a newly configured paid external model, or require explicit confirmation before any paid background usage begins.
Actual behavior
After configuring Google auth, OpenClaw enabled the Google plugin and changed the default model to Gemini. The existing main heartbeat continued running every 30 minutes, reading HEARTBEAT.md and executing checks such as openclaw status. Those heartbeat turns reused the main session rather than a fresh isolated session, so existing accumulated session context and tool output were sent through the paid Gemini provider.
OpenClaw version
v2026.4.8
Operating system
macOS 26.4 (arm64) on Mac Mini M4
Install method
Global npm package installation. Local package path was /opt/homebrew/lib/node_modules/openclaw.
Model
google/gemini-3-flash-preview
Provider / routing chain
OpenClaw main agent -> Google plugin -> google-generative-ai -> Gemini API on a paid Google Cloud / GCP project
Additional provider/model setup details
Observed local config state after setup showed:
- plugins.entries.google.enabled = true
- agents.defaults.model = google/gemini-3-flash-preview
The transition also briefly used google/gemini-2.5-flash before settling on gemini-3-flash-preview.
Logs, screenshots, and evidence
Observed evidence from local files and logs:
1. The main workspace already had a non-empty HEARTBEAT.md:
# HEARTBEAT
定期檢查:
1. gateway 是否仍在 loopback
2. token auth 是否仍有效
3. `doctor` / `audit` 是否出現新警告
4. 是否有不該版控的本機 state 混進 repo
若有異常,優先回報,再決定是否修復。
2. HEARTBEAT.md had the same creation timestamp as the workspace template files, which suggests it came from setup/bootstrap rather than a later manual heartbeat customization.
3. The main session file showed repeated heartbeat prompts in the form:
Read HEARTBEAT.md if it exists...
and the same session also read HEARTBEAT.md and executed commands such as openclaw status.
4. The same main session was already growing before Gemini became the default model. Example input sizes from that session:
- 2026-04-08T07:20:28Z -> input 8475
- 2026-04-08T08:51:14Z -> input 14343
- 2026-04-08T10:21:08Z -> input 19344
- 2026-04-08T13:35:27Z -> input 27669
- 2026-04-08T14:05:25Z -> input 29326
5. After the provider switch, later runs in the same session used Google models:
- 2026-04-08T14:16:56Z -> google / gemini-2.5-flash -> input 41820
- 2026-04-08T14:17:03Z -> google / gemini-2.5-flash -> input 42142
- 2026-04-08T14:52:26Z -> google / gemini-3-flash-preview -> input 35484
- 2026-04-08T15:23:08Z -> google / gemini-3-flash-preview -> input 37131
6. Local session state also showed heartbeat-associated runs with:
- deliveryContext.to = heartbeat
- workspaceDir = ~/.openclaw/workspace
- inputTokens = 263528
- estimatedCostUsd = 3.18602515
Impact and severity
Affected users are users who configure a paid Google Gemini key, have heartbeat enabled, and allow the default model to switch to Google. Severity is high because this can create real unexpected API cost before the user intentionally starts chatting with Gemini. Frequency is reproducible on the observed setup. The practical consequence is unexpected paid background usage and real billing exposure.
Additional information
A secondary issue was also observed after monthly spending cap was reached: later heartbeat runs still continued and the same run could retry several times within seconds. However, that is not the main complaint.
The main complaint is that binding a paid Gemini key implicitly turned existing background heartbeat activity into paid usage before any intentional user chat.
Bug type
Behavior bug (incorrect output/state without crash)
Beta release blocker
No
Summary
Configuring a paid Google Gemini API key switched the default model to Gemini and caused the existing main-workspace heartbeat to start consuming paid Gemini API in the background before any intentional user chat.
Steps to reproduce
Expected behavior
Configuring a paid provider should not silently convert existing background heartbeat activity into paid usage. OpenClaw should either avoid automatically switching the default model, avoid letting heartbeat inherit a newly configured paid external model, or require explicit confirmation before any paid background usage begins.
Actual behavior
After configuring Google auth, OpenClaw enabled the Google plugin and changed the default model to Gemini. The existing main heartbeat continued running every 30 minutes, reading HEARTBEAT.md and executing checks such as openclaw status. Those heartbeat turns reused the main session rather than a fresh isolated session, so existing accumulated session context and tool output were sent through the paid Gemini provider.
OpenClaw version
v2026.4.8
Operating system
macOS 26.4 (arm64) on Mac Mini M4
Install method
Global npm package installation. Local package path was /opt/homebrew/lib/node_modules/openclaw.
Model
google/gemini-3-flash-preview
Provider / routing chain
OpenClaw main agent -> Google plugin -> google-generative-ai -> Gemini API on a paid Google Cloud / GCP project
Additional provider/model setup details
Observed local config state after setup showed:
The transition also briefly used google/gemini-2.5-flash before settling on gemini-3-flash-preview.
Logs, screenshots, and evidence
Impact and severity
Affected users are users who configure a paid Google Gemini key, have heartbeat enabled, and allow the default model to switch to Google. Severity is high because this can create real unexpected API cost before the user intentionally starts chatting with Gemini. Frequency is reproducible on the observed setup. The practical consequence is unexpected paid background usage and real billing exposure.
Additional information
A secondary issue was also observed after monthly spending cap was reached: later heartbeat runs still continued and the same run could retry several times within seconds. However, that is not the main complaint.
The main complaint is that binding a paid Gemini key implicitly turned existing background heartbeat activity into paid usage before any intentional user chat.