PT-2026-27154 · Npm · Openclaw

Published 2026-03-13 · Updated 2026-03-13

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Summary

In affected versions of openclaw, a gateway caller with operator.write could issue agent requests containing /new or /reset and reach the same reset path used by the admin-only sessions.reset RPC.

Impact

On gateways where a caller is intentionally granted operator.write but not operator.admin, that caller could reset targeted conversation state through agent slash commands. This crosses the documented method-scope boundary between write-scoped messaging and admin-only session mutation.

Affected Packages and Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.3.8
  • Fixed in: 2026.3.11

Technical Details

Scope checks were enforced only on the outer RPC method. The agent slash-command path reused admin-only reset logic internally, so a write-scoped caller could reach session-reset mutation without holding operator.admin.

Fix

OpenClaw no longer routes conversation /new and /reset through the admin-only sessions.reset entry point. Reset logic now lives in a shared service, while sessions.reset remains admin-only. The fix shipped in openclaw@2026.3.11.
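The pattern described under Technical Details and Fix, as an added illustration that is not openclaw's code: scope names come from the advisory, while the RPC dispatcher, store and caller objects are invented, and the fixed version assumes (the advisory does not say) that the write-scoped slash-command path is only meant to act on the caller's own conversation.

```javascript
// Added illustration of the advisory's bug class; not openclaw code.
// Scope names come from the advisory; rpc names, the store and callers are invented.
const WRITE = "operator.write";
const ADMIN = "operator.admin";

function requireScope(caller, scope) {
  if (!caller.scopes.includes(scope)) throw new Error(`forbidden: ${scope} required`);
}

// Agent messages starting with /new or /reset trigger a conversation reset.
const isResetCommand = (msg) => /^\/(new|reset)(\s|$)/.test(msg);

// Vulnerable shape: operator.admin guards only the sessions.reset method name.
// The agent slash-command path reuses the same reset routine, so a caller with
// only operator.write can reset whatever session key it names.
function vulnerableRpc(store, caller, method, params) {
  const adminReset = (key) => { store.set(key, { turns: 0 }); return `reset:${key}`; };
  if (method === "sessions.reset") {
    requireScope(caller, ADMIN);
    return adminReset(params.sessionKey);
  }
  if (method === "agent") {
    requireScope(caller, WRITE);
    if (isResetCommand(params.message)) return adminReset(params.sessionKey); // scope boundary crossed
    return "delivered";
  }
  throw new Error(`unknown method ${method}`);
}

// Fixed shape: reset logic is a shared service and each entry point authorizes
// its own operation. Assumption (not stated in the advisory): the write-scoped
// path may reset only the caller's own conversation, never an arbitrary key.
function fixedRpc(store, caller, method, params) {
  const resetService = (key) => { store.set(key, { turns: 0 }); return `reset:${key}`; };
  if (method === "sessions.reset") {
    requireScope(caller, ADMIN); // arbitrary session key stays admin-only
    return resetService(params.sessionKey);
  }
  if (method === "agent") {
    requireScope(caller, WRITE);
    if (isResetCommand(params.message)) return resetService(caller.ownSession);
    return "delivered";
  }
  throw new Error(`unknown method ${method}`);
}
```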

Workarounds

Upgrade to 2026.3.11 or later.

Weakness Enumeration

Incorrect Authorization

Related identifiers

GHSA-JF6W-M8JW-JFXC

Affected products

Openclaw