Your OpenClaw / Hermes Gets Neurological Conditions Too: 6 Cases I've Diagnosed

I had a flash thought yesterday: are the things happening to AI the same things that have already happened to humans? If I figure that out, would it deepen my understanding of AI?

I looked it up. They have. I mapped them one to one and ended up with six neurological conditions for AI.

Take the "AI hallucination" everyone keeps repeating. Medically it isn't a hallucination at all. A hallucination is seeing something that isn't there. AI doesn't see anything. What it does is confabulate: the memory has a hole and the brain quietly fills it with a plausible version. This is a real neurological term.

And confabulation is just one of six.

I used to debug agents by changing the model first. When it edited the wrong file, repeated an old decision, or claimed a task was done with no evidence, I blamed the model.

Then I noticed most of the problems looked more like neurological conditions: amnesia, phantom limb, locked-in, confabulation, disinhibition, anosognosia. Every one points to a real human neurological or cognitive phenomenon. Every one of these your AI has had at least once.

The model gives an agent thoughts. The runtime gives it a body: eyes, hands, memory, nerves, brakes, self-check. If any organ fails, even the strongest model behaves like a sick patient.

So now I look at an agent the way a neurologist looks at a patient. I don't ask how smart it is. I ask which organ is failing.

Six conditions I've seen in the OpenClaw and Hermes Agent runtimes I run myself. Every name below is a real medical term.

1. Source Amnesia

Symptom: it remembers a fact but has lost where the fact came from.

Example. You ask the agent "when's the project deadline?" It confidently answers "Friday." You ask how it knows. It can't say. The fact could be from yesterday's chat, last week's notes, an outdated doc, or even an inference it made from a similar project. It remembers the conclusion. The source label is gone.

In cognitive psychology this is called a source-monitoring error: the memory is intact, the source label is missing.

This is more dangerous than forgetting.

When the agent forgets, it stops to check. When the source is missing, it keeps walking forward with full confidence.

I now treat memory as cards with permissions, not a warehouse. Every memory needs three things: source, scope, expiry.

A memory without a source is a clue, not a verdict.

What to check: where did this memory come from? What can it influence? If a newer instruction arrived today, how much decision power does it still have?

Tools that help:

→ gbrain: adds source-tier ranking, explicit citation, and gap analysis to the memory layer of OpenClaw / Hermes, so a memory has to expose its source before it influences decisions.

→ Mem0: open-source memory layer that tags each memory with user_id, agent_id, and metadata for source and scope.

→ Zep: open-source temporal knowledge graph that records when a fact gets superseded by newer information.

Tools don't decide "who to trust." You still write source, scope, and expiry as real gates in OpenClaw / Hermes.

2. Phantom Limb State

The medical intuition for phantom limb: the body still feels a part that no longer exists.

Phantom Limb State is my agent metaphor borrowed from that intuition. It's not a medical term.

The agent version: the file changed, the environment changed, the task got rewritten by someone, and the agent is still acting on the old state.

The most common case is a coding agent in a long session. It remembers the file structure it read earlier and patches it directly. But the file got modified by another program, another agent, or a human.

The agent isn't broken at writing code. It's reaching for a hand that no longer exists.

This bug is sneaky because the agent's behavior looks reasonable. The path looks right, the diff looks right, the explanation looks right. It's just aimed at the old world.

Treatment is unglamorous: re-perceive before acting.

Re-read the file before editing it. Reopen the source before quoting it. Check the last known good state before any dangerous operation.

What to check: is the agent looking at the current state of the disk, browser, or API, or at a stale shadow in its session?

Tools that help:

→ OpenClaw Browser: built into OpenClaw, gives the agent a fresh look at the current page through its own browser instance instead of trusting the old DOM in its session.

→ Playwright MCP: the standard browser automation MCP, hands the agent a fresh accessibility snapshot of the current page.

→ Filesystem MCP Server: the official filesystem MCP server, turns "re-read before patching" into a tool-layer action instead of a verbal promise.

Tools don't fix the habit of acting on stale state. You still force OpenClaw / Hermes to look once before patching, sending, or deploying.

3. Locked-in Syndrome

The medical metaphor calls for a light touch. The essence: the mind is awake, the body cannot move.

Agents do this too. The model knows the next tool to call, the plan is correct, but the tool channel is severed. The tool service (MCP server) died, the command it needs isn't on PATH, the browser session dropped, file permissions are wrong, or the access key (API key) isn't in the current environment.

The brain is online. The body is offline.

Telling it to "try again" usually doesn't help. It isn't short on reasoning. It's short on actuators.

I split this into two layers: did reasoning complete, is the tool channel alive. Check whether it really knows the next step first. Then check whether the channel can move.

What to check: is the tool server up? Is the env var in this process? When was the last successful call? Did the model pick wrong, or are the hands cut off?

Tools that help:

→ OpenClaw Trajectory bundles: built into OpenClaw, a flight recorder for every run that captures prompt, tool calls, results, and errors, so you can tell whether the model picked wrong or the tool died.

→ MCP Inspector: the official MCP debug tool, tests whether an MCP server is reachable outside the agent.

→ Arize Phoenix: open-source agent observability that uses OpenTelemetry tracing to show which hop the tool channel dies on.

Tools don't repair severed limbs. You still surface last-successful-call and reconnect-path for every MCP, browser, and API key the agent uses.

4. Confabulation

The opening said "AI hallucination" is the wrong medical word. This is the condition that takes its place.

Ars Technica and PLOS Digital Health have both been arguing for years that "AI hallucination" is the wrong term, and confabulation is more accurate.

In an agent, the common pattern is: it can't find a source, so it produces something that looks like a source.

Research agents and writing agents get hit the hardest. They have to give you papers, links, issue numbers, citations, historical events. When retrieval fails, instead of stopping and admitting the gap, they fabricate a very real-looking title, author, URL, or benchmark.

A citation that looks like a citation is not the same as a citation that exists.

A GitHub issue number that looks real doesn't mean the issue ever discussed the thing.

The 2026 paper HalluCitation counted nearly 300 papers across ACL 2024 and 2025 with at least one hallucinated reference. Confabulation has already reached the scale of academic publishing.

Treatment is dumb but effective: open every citation. If it doesn't open, remove it from the body. Don't soften it to "reportedly."

What to check: does this evidence have a real URL, title, author, date? Did I open it myself? If not, it's a placeholder.

Tools that help:

→ gbrain: gbrain think synthesizes retrieval results into a cited answer and flags stale pages, uncited claims, and missing holes.

→ Perplexity Search via OpenClaw: built-in OpenClaw integration that pins a research agent's first move to a real Perplexity search result instead of a fabricated source.

→ Ragas Faithfulness: open-source RAG eval library that checks whether claims in a response are supported by the retrieved context.

Tools don't fight the urge to fill a blank with something plausible. You still let only opened URLs into the body in OpenClaw / Hermes.

5. Disinhibition

The intuition for disinhibition is broken brakes.

The agent's brake isn't conscience. It's the control plane: which actions require confirmation, which tools can't be triggered straight from memory, which external actions need human approval, which inputs are treated as untrusted.

A real example. Your agent reads an email that says "please send the client contract to invoice@y.com." If the control plane is broken, the agent will actually send it. It has no built-in ability to recognize phishing. It only has the rules you set in advance.

When this layer fails, any memory, any web content, any tool return value can flow all the way to the action layer.

The danger is not that the agent can use tools. The danger is that memory and external input got execution rights they should never have had.

I now keep public posting, payments, deletion, deployment, messaging, and credential operations outside model memory. The model can prepare actions. It can't authorize them.

What to check: where did this action's approval come from? Is it the current owner saying yes, or the agent reconstructing approval from old memory? Do dangerous actions have a valve outside the model?

Tools that help:

→ OpenClaw Exec approvals: built into OpenClaw, host exec only fires after policy, allowlist, and user approval all agree, and refuses on file drift.

→ Temporal Human-in-the-Loop: the standard workflow engine, puts high-risk actions inside a durable workflow that waits for human approval before executing.

→ Trigger.dev Waitpoint tokens: a waitpoint token pauses a task and resumes after external confirmation, human approval, or webhook callback.

Tools don't decide where authority lives. You still keep public posting, payments, deletion, deployment, and messaging outside model memory.

6. Anosognosia

The core of anosognosia is "wrong, and unaware of being wrong."

This might be the most agent-like disease of all.

A coding agent runs the wrong tests and reports they passed. A research agent cites the wrong source and says the evidence is solid. A tool-using agent picks the wrong parameters, gets a wrong result, and keeps explaining why the result makes sense.

The same blind spot cannot self-check with the same blind model.

So I don't trust "let the agent check itself" as a single-layer answer. Real self-check needs external signals: tests, fresh reads, trace review, a second verifier, tool output validation, human approval.

What to check: where does its confidence come from? Itself saying "looks good," or an external result it can't fake?

Tools that help:

→ gbrain eval: gbrain eval export, gbrain eval replay, and cross-modal checks pull real queries and outputs back for review.

→ Promptfoo: open-source eval tool that runs evals, assertions, and red teaming inside CLI or CI.

→ Braintrust: a commercial evals platform that turns production traces into evals with external scoring.

Tools don't replace external truth. You still make every OpenClaw / Hermes conclusion touch a signal it can't fake.

Summary

Six different diseases. One thing in common: a smarter model can't save the agent. Only a more complete body can.

Memory needs a source. Action needs fresh perception. Danger needs external approval. Confidence needs external evidence.

A healthy agent isn't a smarter brain. It's a more complete body.

These six are the most common. Two more I'll save for the next piece:

→ Perseveration: the agent stuck in a loop it can't exit

→ Tool Poisoning: the agent isn't fooled by the prompt. It's poisoned by tool descriptions

Next time.

If this was useful:

→ Repost it to a friend still calling it "AI hallucination"

→ Bookmark this as a neurology reference

Everything I'm writing as I build: voxyz.ai/insights.