[Bug]: Critical Privacy Leak: Internal metadata and PII exposed in "Media failed" error messages #20279

@brooqs

Description

Summary

Critical Privacy Leak: Internal metadata and PII (Personally Identifiable Information) are exposed in "Media failed" error messages when a fetch fails.

Steps to reproduce

  1. Trigger a media fetch operation that is guaranteed to fail (e.g., provide an invalid URL or a URL that results in a timeout/404).
  2. Wait for the system to generate the error message in the chat interface.
  3. Observe that the error bubble contains a serialized JSON dump of the entire conversation context and sender metadata.

Expected behavior

Error messages should be sanitized. They should only display a generic, user-friendly message (e.g., "⚠️ Media failed: [Reason]") without exposing internal system state, conversation IDs, or PII.

Actual behavior

The error message includes raw JSON under the "Conversation info (untrusted metadata)" and "Sender (untrusted metadata)" headers. This leaks sensitive info such as:

  • Private group subjects and IDs (@g.us).
  • Real names and phone numbers of users (+90...).
  • Internal system paths and error stack traces.

OpenClaw version

OpenClaw 2026.2.14 (c1feda1)

Operating system

Debian GNU/Linux 13 (trixie) / Kernel 6.12.63+deb13-amd64

Install method

npm global

Logs, screenshots, and evidence

Impact and severity

[attached image not reproduced here]

Additional information

No response
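The leaky pattern this report describes next to the sanitized formatter it asks for, as an added JavaScript example (not OpenClaw's own code). The sample context, the HTTP_404 code and the leak-detection regexes are constructed for illustration.

```javascript
// Constructed sample of the context the issue says was dumped into the chat bubble.
const sampleContext = {
  conversation: { id: "120363000000000000@g.us", subject: "Family group" }, // constructed
  sender: { name: "Jane Doe", phone: "+905551112233" },                    // constructed
};

// Leaky formatter: interpolates the whole context and the stack into the user-facing text.
function formatMediaErrorLeaky(err, ctx) {
  return `⚠️ Media failed: ${err.message}\n` +
    `Conversation info (untrusted metadata): ${JSON.stringify(ctx.conversation)}\n` +
    `Sender (untrusted metadata): ${JSON.stringify(ctx.sender)}\n${err.stack}`;
}

// Hardened formatter: map the failure to a fixed, user-safe reason and never touch ctx.
// Full details belong in the server-side log, not in the chat. HTTP_404 is a constructed code.
const SAFE_REASONS = {
  ETIMEDOUT: "the download timed out",
  ENOTFOUND: "the host could not be resolved",
  HTTP_404: "the file was not found",
};
function formatMediaErrorSafe(err) {
  const reason = SAFE_REASONS[err.code] ?? "the download could not be completed";
  return `⚠️ Media failed: ${reason}`;
}

// Regression check: does user-facing text still contain anything resembling the
// identifiers the issue lists (group ids, phone numbers, paths, stack frames, raw JSON)?
const LEAK_PATTERNS = [
  /@g\.us/,                        // group ids
  /\+\d{8,}/,                      // international phone numbers
  /\/(?:home|usr|var|app)\/\S+/,   // filesystem paths
  /\bat .+\(.+:\d+:\d+\)/,         // stack frames
  /"[A-Za-z]+":\s*"/,              // serialized JSON
];
function containsLeak(text) {
  return LEAK_PATTERNS.some((re) => re.test(text));
}

// Compare both formatters on the same failed fetch (URL is a constructed example).
function demo() {
  const err = Object.assign(
    new Error("Request failed with 404 for https://example.invalid/x.jpg"),
    { code: "HTTP_404" },
  );
  return {
    leaky: containsLeak(formatMediaErrorLeaky(err, sampleContext)), // true
    safe: containsLeak(formatMediaErrorSafe(err)),                  // false
  };
}
```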

Metadata

Labels

  • bug: Something isn't working
  • stale: Marked as stale due to inactivity