Skip to content

[Bug]: Bundled channel onboarding can install duplicate npm plugin copies #40092

Closed
#40094
Closed
[Bug]: Bundled channel onboarding can install duplicate npm plugin copies#40092
#40094
Labels
maintainerMaintainer-authored PR
@Takhoffman

Description

@Takhoffman
Takhoffman
opened on Mar 8, 2026

Bug type

Behavior bug (incorrect output/state without crash)

Summary

Bundled channel onboarding/update can prefer an npm-installed plugin over the already bundled copy, creating duplicate plugin IDs and letting the npm copy shadow the bundled one.

Steps to reproduce

  1. Install openclaw from npm and use a release channel (stable or beta).
  2. Start channel onboarding for a bundled plugin that is also installable from npm, such as Feishu or Microsoft Teams.
  3. Accept the default plugin install choice, or run a core update that syncs plugin sources on the same release channel.
  4. Reload plugins or restart the gateway.

Expected behavior

If a matching bundled plugin already exists locally, onboarding and release-channel plugin sync should keep using that bundled copy instead of creating a second npm-installed copy.

Actual behavior

Onboarding can default to npm even when a bundled copy exists, and release-channel sync can convert an explicit bundled path install back to npm. That creates duplicate plugin IDs, emits duplicate-plugin diagnostics, and lets the npm-installed copy shadow the bundled one. When the npm-installed copy has packaging gaps, bundled channels such as Feishu or Teams fail to load or run correctly.

OpenClaw version

2026.3.7

Operating system

Reported on macOS and Linux

Install method

npm global

Logs, screenshots, and evidence

[plugins] duplicate plugin id detected; later plugin may be overridden (...)

Related reports:

Impact and severity

Affected: bundled channel plugins that also have npm install paths
Severity: High for affected onboarding/update flows because the wrong plugin copy can be activated
Frequency: Reproducible when a bundled plugin is installed via the npm path on release channels
Consequence: failed plugin onboarding, plugin shadowing, and runtime breakage when the npm-installed copy is incomplete

Additional information

This appears to be the shared root cause behind multiple plugin-install failures reported after v2026.3.7. The scoped plugin-SDK import changes made the bad winner selection more visible, but the underlying problem is install-source selection and release-channel sync choosing npm over an available bundled plugin.

Metadata

Metadata

Assignees

No one assigned

    Labels

    maintainerMaintainer-authored PR

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions