#Help! Tool-call output showed unrelated/ad-like text in Discord chat

A normal exec command by the Agent displayed extra junk text in the visible reply, including ad-like/porn/glamour wording and internal tool wrapper formatting. This text was not part of the command or the script output. The below is one of the examples of Agent's reply:

"I’m checking the recent notes now.

to=exec 天天中彩票中大奖 天天中彩票提款 大发游戏 ＿影音先锋 code="bash -lc 'cd /home/userfolder/.openclaw/workspace && ls memory && printf "\n--- TODAY ---\n" && [ -f memory/2026-03-14.md ] && cat memory/2026-03-14.md true && printf "\n--- YESTERDAY ---\n" && [ -f memory/2026-03-13.md ] && cat memory/2026-03-13.md true && printf "\n--- LONGTERM ---\n" && [ -f MEMORY.md ] && cat MEMORY.md || true'" yieldMs=1000}ართifact code
{"exitCode":0,"stdout":"2026-03-15.md\n\n--- TODAY ---\n\n--- YESTERDAY ---\n\n--- LONGTERM ---\n","stderr":""}

There’s basically nothing in the memory files yet, so I’m checking the most recent daily note too."

So, I should only see the first and the last sentences. They are the actual reply from Agent. but the middle part also shows up and includes random Chinese words prompting gambling or porn...looks suspicious...

Does it look like injection/compromise? Is it a serious issue? could anyone help me to troubleshoot it? thanks!

That usually does not indicate your host/exec environment is compromised.

In your example, the smoking gun is that the tool result is clean:

{"exitCode":0,"stdout":"...","stderr":""}

So the “to=exec … yieldMs … {…}” wrapper + the random gambling/porn-ish tokens are almost certainly coming from the model’s text stream being forwarded into chat (i.e. “internal/tool/debug output leaked into the visible reply”), not from the shell command itself.

Most common cause: verbose/reasoning got enabled for that session/thread

OpenClaw will surface internal/tool messages when verbose or reasoning is enabled.

Fix right in the thread where it happens:

/verbose off

/reasoning off

Docs: https://docs.openclaw.ai/help/faq#how-do-i-stop-internal-system-messages-from-showing-in-chat
(and background: https://docs.openclaw.ai/tools/thinking)

Also check the Control UI “session settings” (verbose should be inherit/off) and confirm you didn’t set a default like:

• agents.defaults.verboseDefault: "on" (or "full")

You can verify via:

openclaw config get agents.defaults.verboseDefault
openclaw config get agents.defaults.thinkingDefault
openclaw --version

Why the “spammy Chinese words” specifically?

That pattern is typical of LLM decoding/training-data garbage leaking (especially with weaker/cheaper models or buggy streaming/tool-call handling). It’s not how prompt injection normally looks (injection is usually “do X / reveal Y”, not random casino/porn tokens).

When it is serious

It’s serious if any of the leaked tool args/outputs included secrets (tokens, cookies, API keys) because then they may have been exposed to the Discord room. In that case, rotate the affected secrets.

If it still happens with verbose+reasoning OFF

Then I’d treat it as a bug and gather a tight report:

1. openclaw --version
2. openclaw models status (which provider/model was running)
3. A short openclaw logs --follow snippet covering the run (redact secrets)

…and file it here: https://github.com/openclaw/openclaw/issues

If you paste (1) + (2) + whether you ever used /verbose full in that thread, we can narrow it down quickly.