Description
Describe the bug and reproduction steps
When using the OpenHands CLI (V1), the agent crashes with a RuntimeError during execution:
RuntimeError: LLM provided a security_risk but no security analyzer is configured - THIS SHOULD NOT HAPPEN!
This error occurs in the openhands-sdk package when the LLM returns a security_risk parameter in its response, but the conversation doesn't have a security analyzer configured.
Reproduction Steps
- Install OpenHands CLI V1
- Configure and run the CLI agent
- During agent execution, the error occurs when the LLM tries to take an action
Root Cause
Based on code analysis:
- The CLI's setup_conversation() function in openhands-cli/openhands_cli/setup.py conditionally includes a security analyzer based on the include_security_analyzer parameter
- When confirmation mode is disabled (NeverConfirm policy), the security analyzer is removed via toggle_confirmation_mode() in runner.py
- However, the LLM may still return security_risk parameters in its tool call responses
- The openhands-sdk expects that if security_risk is present, a security analyzer must be configured, otherwise it raises this RuntimeError
This appears to be related to the recent changes in commit 9fe4e9715
("CLI(V1): Fix confirmation mode breaking on weaker models").
Suggested Fix
The issue can be resolved in one of these ways:
- SDK-side fix: Modify the openhands-sdk to gracefully handle cases where security_risk is provided but no analyzer is configured (e.g., treat it as UNKNOWN or ignore it)
- CLI-side fix: Ensure the security analyzer is always initialized, even when confirmation mode is disabled, but configure it to not prompt the user
- LLM prompt fix: Update the system prompt to explicitly instruct the LLM not to return security_risk parameters when the security analyzer is not enabled
OpenHands Installation
CLI
OpenHands Version
Latest (commit 22f67d3 or later with CLI V1 support)
Model Name
Not specified in the error report, but appears to affect multiple models
Operating System
Linux (from the traceback path /home/xingyaow/.cache/uv/...)
Logs, Errors, Screenshots, and Additional Context
Full Error Traceback
Error: LLM provided a security_risk but no security analyzer is configured - THIS SHOULD NOT HAPPEN!
Traceback (most recent call last):
  File "/home/xingyaow/.cache/uv/archive-v0/4O2s5H4GUkriWq5g6YjrC/lib/python3.12/site-packages/openhands_cli/simple_main.py", line 45, in main
    run_cli_entry(resume_conversation_id=args.resume)
  File "/home/xingyaow/.cache/uv/archive-v0/4O2s5H4GUkriWq5g6YjrC/lib/python3.12/site-packages/openhands_cli/agent_chat.py", line 173, in run_cli_entry
    runner.process_message(message)
  File "/home/xingyaow/.cache/uv/archive-v0/4O2s5H4GUkriWq5g6YjrC/lib/python3.12/site-packages/openhands_cli/runner.py", line 83, in process_message
    self._run_with_confirmation()
  File "/home/xingyaow/.cache/uv/archive-v0/4O2s5H4GUkriWq5g6YjrC/lib/python3.12/site-packages/openhands_cli/runner.py", line 103, in _run_with_confirmation
    self.conversation.run()
  File "/home/xingyaow/.cache/uv/archive-v0/4O2s5H4GUkriWq5g6YjrC/lib/python3.12/site-packages/openhands/sdk/conversation/impl/local_conversation.py", line 245, in run
    self.agent.step(self._state, on_event=self._on_event)
  File "/home/xingyaow/.cache/uv/archive-v0/4O2s5H4GUkriWq5g6YjrC/lib/python3.12/site-packages/openhands/sdk/agent/agent.py", line 226, in step
    action_event = self._get_action_event(
                   ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/xingyaow/.cache/uv/archive-v0/4O2s5H4GUkriWq5g6YjrC/lib/python3.12/site-packages/openhands/sdk/agent/agent.py", line 353, in _get_action_event
    raise RuntimeError(
RuntimeError: LLM provided a security_risk but no security analyzer is configured - THIS SHOULD NOT HAPPEN!
Related Files
- openhands-cli/openhands_cli/setup.py - Handles security analyzer initialization
- openhands-cli/openhands_cli/runner.py - Manages confirmation mode toggling
- openhands-cli/pyproject.toml - SDK dependency at commit 189979a5013751aa86852ab41afe9a79555e62ac
Impact
This bug makes the CLI unusable for affected users, as it causes the agent to crash during execution, preventing any work from being completed.
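
Added illustration of the "SDK-side fix" option above; it is not part of the original report and not openhands-sdk code. The names `Risk` and `split_security_risk`, and the LOW/MEDIUM/HIGH levels, are assumptions made for the sketch (the report names only UNKNOWN); the tool-call arguments are constructed samples.

```python
import enum
import logging

log = logging.getLogger("security_risk_example")


class Risk(enum.Enum):
    # Hypothetical risk levels; only UNKNOWN is named in the report.
    UNKNOWN = "UNKNOWN"
    LOW = "LOW"
    MEDIUM = "MEDIUM"
    HIGH = "HIGH"


def split_security_risk(tool_args, analyzer_configured):
    """Return (clean_args, risk) for one LLM tool call without raising.

    security_risk is model output, so it is treated as untrusted input:
    it is always removed from the arguments handed to the tool, and it is
    only honoured when an analyzer is configured and the value is known.
    """
    args = dict(tool_args)                # do not mutate the caller's dict
    raw = args.pop("security_risk", None)
    if raw is None:
        return args, Risk.UNKNOWN         # model sent no label at all
    if not analyzer_configured:
        # The case from the traceback: downgrade to UNKNOWN instead of crashing.
        log.warning("ignoring security_risk=%r: no security analyzer configured", raw)
        return args, Risk.UNKNOWN
    try:
        return args, Risk(str(raw).upper())
    except ValueError:
        # Weaker models may emit values outside the expected set.
        log.warning("unrecognised security_risk=%r, treating as UNKNOWN", raw)
        return args, Risk.UNKNOWN


if __name__ == "__main__":
    call = {"command": "ls -la", "security_risk": "LOW"}  # constructed sample
    print(split_security_risk(call, analyzer_configured=False))
    print(split_security_risk(call, analyzer_configured=True))
```

Mapping the unexpected label to UNKNOWN keeps the agent running, but any confirmation policy layered on top has to decide explicitly how UNKNOWN is handled rather than treating it as low risk.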