Detection Patterns

Anthropic uses token/phrase matching to detect OpenClaw system prompts. These triggers are found by binary searching the prompt against Claude’s API.

Confirmed triggers

Trigger Type Fix
personal assistant...inside OpenClaw Identity Replace with GlueClaw
HEARTBEAT_OK (heartbeat para) Token Replace GLUECLAW_ACK
## Reply Tags + [[reply_to_current]] Syntax Strip section
reply_to_current Reference Replace reply_current
[[reply_to: Syntax Replace [[reply:
openclaw.inbound_meta Schema glueclaw.inbound_meta
generated by OpenClaw Context generated by GlueClaw

Confirmed safe

Content Example
openclaw in file paths .../openclaw/skills/
openclaw in CLI commands openclaw gateway status
openclaw in URLs github.com/openclaw
OpenClaw in doc refs OpenClaw docs:
NO_REPLY token Silent reply marker
Runtime line format agent=main \| host=zmac
Skill descriptions OpenClaw deployments

Quick health check 

export GLUECLAW_KEY=local
openclaw agent --agent main \
  --message "say pineapple" 2>&1 | tail -n 1

pineapple = working. API Error: 400 = new trigger added.

Cron monitoring 

0 9 * * * GLUECLAW_KEY=local openclaw agent \
  --agent main --message "say pineapple" 2>&1 \
  | grep -q "pineapple" \
  || echo "GlueClaw blocked" \
  | mail -s "GlueClaw alert" you@example.com

If blocked again

  1. Dump the live prompt: add require("fs").writeFileSync("/tmp/gc-prompt.txt", cleanPrompt) to src/stream.ts after the scrub chain
  2. Trigger the failing path (TUI, agent, and Telegram get different prompts)
  3. Binary search: test first half vs second half with claude --system-prompt-file
  4. Narrow to exact lines
  5. Add new .replace() to the scrub chain
  6. Update this file

Timeline

2026-04-05 23:00 EDT

  • "personal assistant running inside OpenClaw" triggers block
  • File paths, CLI commands, URLs with “openclaw” are safe

2026-04-06 01:00 EDT

  • Full aggressive /openclaw/gi scrub works
  • TUI + Telegram working

2026-04-06 01:30 EDT

  • Case-sensitive scrub fails, case-insensitive passes

2026-04-06 02:30 EDT

  • Surgical scrub (identity phrase only) works initially

2026-04-06 13:30 EDT

  • HEARTBEAT_OK in heartbeat paragraph found as new trigger
  • GLUECLAW_ACK replacement fixes agent path
  • TUI still fails

2026-04-06 ~14:00 EDT

  • TUI prompt has Reply Tags section as additional trigger
  • Stripping section + replacing related tokens fixes TUI
  • openclaw.inbound_meta and generated by OpenClaw also scrubbed
This site uses Just the Docs, a documentation theme for Jekyll.