So this is a fun one. I woke up one morning to discover that my OpenClaw AI agent had randomly messaged my girlfriend on WhatsApp — completely on its own, while I was asleep. Yeah. That happened.
If you’re running OpenClaw and you’ve recently switched from WhatsApp to Discord as your primary messaging channel, you might run into the exact same issue. Here’s what went wrong and how I fixed it.
What Happened
I’d been using OpenClaw with WhatsApp for a while, but eventually decided to move everything over to Discord. I thought I’d done all the right steps — unlinked my phone number, set up Discord as my main channel. Done, right?
Wrong. While I was sleeping, my OpenClaw agent started trying to revive the WhatsApp gateway connection. Every time my girlfriend sent me a message on WhatsApp, it triggered a pairing request from my agent. She woke up to a bunch of weird automated messages, and I woke up to a notification from my agent on Discord saying “WhatsApp pairing required.”
Not exactly the good morning text either of us was expecting.
Why This Is a Bigger Deal Than It Sounds
Now, luckily this was just a pairing request — not my AI agent having a full conversation with my girlfriend pretending to be me. But it raises a real concern. Cisco’s security researchers have flagged OpenClaw’s messaging integrations as a potential attack surface, noting that the platform’s deep ties to WhatsApp, Discord, and Telegram could lead to unintended behavior if not properly configured.
And that’s exactly what happened here — not from a malicious actor, but from leftover config files. If your AI agent can autonomously send messages on your behalf, you need to make absolutely sure it’s only connected to the channels you actually want it on. The margin for error is slim.
The Two Things I Missed
After some digging, I found two things that were still keeping my WhatsApp connection alive even though I thought I’d removed it.
1. The openclaw.json Config File
This is the big one. Even though I’d “unlinked” WhatsApp, my openclaw.json config file still had my WhatsApp credentials and phone number sitting in the channels section. OpenClaw reads this config on startup, and if it sees WhatsApp credentials there, it’ll try to connect.
The fix is straightforward. Open your terminal and run:
openclaw config get channels
If you see a WhatsApp section in there, remove it entirely. Then verify it’s gone:
openclaw config get channels.whatsapp
If you get a “path not found” or error message, you’re clean.
2. WhatsApp Linked Devices
This one’s easy to overlook. Inside the WhatsApp app itself, go to Settings → Linked Devices. I’d forgotten to unlink the OpenClaw device session from there. Even with the config cleaned up, a lingering linked device session means WhatsApp still thinks your agent is an authorized device.
Remove any OpenClaw-related linked devices, and you should be good.
How OpenClaw’s Channel System Works
For context, OpenClaw manages messaging through a channel-based architecture. You can connect multiple platforms — WhatsApp, Discord, Telegram — and route different agents to different channels using bindings in your config. The openclaw.json file stores your channel accounts, credentials, and routing rules. When the gateway starts, it reads this config and attempts to establish connections to every channel it finds.
This is actually a powerful feature when set up correctly. You can have one agent handling crypto alerts on Telegram and another managing your Discord server. But it also means that any stale channel config will get picked up and acted on. OpenClaw doesn’t know you “meant” to remove WhatsApp — it just sees credentials and tries to connect.
Lessons Learned
If you’re migrating your OpenClaw setup from one messaging platform to another, here’s the checklist:
Clean the config file: Run openclaw config get channels and remove any channel you’re no longer using. Don’t just unlink — delete the entire section.
Unlink devices on the platform side: Go into WhatsApp (or whatever platform you’re leaving) and remove the linked device. The config file and the platform’s device list are two separate things, and both need to be cleared.
Test after cleanup: Restart your OpenClaw gateway and monitor the logs for any connection attempts to the old channel. If you see it trying to reach WhatsApp after you’ve cleaned everything, there might be cached credentials in ~/.openclaw/credentials that also need removing.
Should We Be Worried?
Honestly? A little. The whole point of AI agents like OpenClaw is that they act autonomously — that’s the feature. But autonomy without proper guardrails can lead to exactly this kind of situation. My agent wasn’t hacked. It wasn’t malfunctioning. It was doing exactly what it was configured to do, based on config files I forgot to clean up.
As these personal AI agents become more common, proper configuration hygiene is going to be just as important as security patches. One stale config entry and your AI is texting your girlfriend at 3 AM. Not ideal.
For now, my setup is clean, my girlfriend has been reassured that it wasn’t some rogue AI trying to slide into her DMs, and I’ve learned to double-check every config file when switching channels. If you’ve had a similar experience, drop it in the comments — I’d love to hear your stories.
Michael Gu
Michael Gu, Creator of Boxmining, stared in the Blockchain space as a Bitcoin miner in 2012. Something he immediately noticed was that accurate information is hard to come by in this space. He started Boxmining in 2017 mainly as a passion project, to educate people on digital assets and share his experiences. Being based in Asia, Michael also found a huge discrepancy between digital asset trends and knowledge gap in the West and China.