A Feishu reaction-originated synthetic event could misclassify a group conversation as p2p when the inbound reaction payload omitted chat type. Authorization and mention-gating logic keyed off that incorrect chat type and evaluated the event as a direct message instead of a group message.

This could bypass groupAllowFrom and requireMention protections for reaction-derived events in Feishu group chats.

openclaw <= 2026.3.11

Fixed in openclaw 2026.3.12. Reaction events now preserve the correct group context before authorization and mention-gate evaluation. Users should update to 2026.3.12 or later.