bug(openclaw-plugin): auto-recall contaminates cron runs with prior meta-discussion

[dreamcoin1998]

Pre-submission checklist

• I have searched existing issues and this hasn't been mentioned before
• I have read the project documentation and confirmed this issue doesn't already exist
• This issue is specific to MemOS and not a general software issue

Bug Description

When @memtensor/memos-local-openclaw-plugin is used as the OpenClaw memory slot, cron runs can be contaminated by prior meta-discussion about the cron itself.

The plugin performs auto-recall in before_agent_start for every turn. For cron runs, it uses the cron prompt as the recall query, which causes it to retrieve previous conversations about prompt tuning, policy changes, debugging, and rerun requests for that same cron job.

Those recalled memories are then injected back into the scheduled run as system context, so the cron output drifts away from the actual task and starts replying with unrelated meta-discussion.

Observed effects include:

• cron output says things like “I already changed the cron”
• output summarizes previous human discussions about task policy
• output mentions rerun/debugging status instead of only executing the scheduled task
• session logs contain injected memory blocks beginning with:
  • ## User's conversation history (from memory system)

This is especially harmful for autonomous scheduled jobs because it changes task semantics.

How to Reproduce

1. Install and enable @memtensor/memos-local-openclaw-plugin as the OpenClaw memory slot.
2. Create an OpenClaw cron job with a stable name and repeated scheduled runs.
3. Run the cron normally at least once.
4. In regular chat, discuss this cron job several times, for example:
   • ask why its output is wrong
   • ask to rewrite its prompt or policy
   • discuss whether it should trade or not trade
   • ask for reruns, debugging, or cron body changes
5. Let the cron run again.
6. Observe that the cron output begins to include prior meta-discussion instead of only the intended scheduled task output.

A representative session key pattern is:

• agent:main:cron:<jobId>

Relevant observations during reproduction:

• runtime logs showed auto-recall queries derived from the cron prompt itself
• session logs showed injected memory blocks starting with:
  • ## User's conversation history (from memory system)
• disabling the plugin and resetting the cron session immediately stopped the contamination

Environment

• Repository: MemTensor/MemOS
• Plugin package: @memtensor/memos-local-openclaw-plugin
• Plugin version: 1.0.3
• OpenClaw version: v2026.3.11
• Node.js runtime observed in gateway logs: v22.20.0
• Deployment: self-hosted OpenClaw gateway on Linux via systemd --user
• Plugin role: configured as the OpenClaw memory slot
• OpenClaw built-in memory search: disabled

Additional Context

This appears to be in the same problem family as existing issues/PRs around auto-recall and injected prompt contamination, but I could not find one specific to cron sessions.

From local investigation, the root cause appears to be:

1. auto-recall runs for cron turns without any cron/session exclusion
2. the recall query is built from the cron prompt itself
3. the cron uses a stable session key namespace like agent:main:cron:*
4. prior meta-discussion about the cron becomes highly retrievable and is injected back into later runs

Suggested fixes:

• skip auto-recall by default for cron sessions, e.g. agent:*:cron:*
• or add config such as:
  • autoRecall.excludeCron = true
  • autoRecall.excludeSessionKeyPrefixes
• or avoid using full cron prompts as recall queries
• or suppress recall of memories that are clearly meta-discussion about the current cron/job itself

Willingness to Implement

• I'm willing to implement this myself
• I would like someone else to implement this

[Vran9]

me too

[github-actions]

This issue has been automatically marked as stale due to inactivity.

[MaiHHConnect]

💬 我也在做记忆系统相关的工作：CausaMem，可以来看看，说不定有能借鉴的地方 🙂