Daily Edition THURSDAY, DECEMBER 11, 2025 elizaos.news

Eliza Times

Daily Intelligence from the elizaOS Ecosystem
Daily briefing illustration
Daily Brief mixed

A critical security vulnerability was discovered in elizaOS allowing attackers to extract secrets via API endpoints, while ongoing plugin issues with SQL and Twitter components continue to affect users.

securitypluginstoken-migrationinfrastructuremarket-activity

Today's Key Developments

Discord Updates

Discord Updates

#core-devs
A critical security vulnerability was discovered where server doesn't require ELIZA_SERVER_AUTH_TOKEN, allowing attackers to extract secrets via API endpoints. The issue stems from process.env being dumped into unencrypted settings instead of encrypted settings.secrets, introduced in version 1.6.4 and fixed in 1.6.5-alpha.8.
Participants: jin, Stan ⚡, sayonara, shaw
#💬-coders
Multiple users reported foreign key constraint errors with plugin-sql and plugin-twitter components when creating memories. Stan is working on a fix and migration guide. Users also discussed API options for cryptocurrency data and integration with Perplexity's Sonar-Pro LLM.
Participants: Stan ⚡, sayonara, jin, Odilitime
#🥇-partners
Discussion focused on Polymarket's marketing strategy using a 50 Cent song, targeting sports bettors and users who might identify with government scrutiny.
Participants: DorianD, Odilitime
Strategic Insights

Strategic Insights

Critical security vulnerabilities in agent secrets handling
The discovery of a serious security flaw allowing unauthorized extraction of secrets via API endpoints highlights potential weaknesses in the security architecture that may affect other components like Babylon.
Key Questions:
  • Should a full security audit of all elizaOS components be prioritized?
  • How can we improve the security review process during development to catch these issues earlier?
Database schema migration challenges
Recurring foreign key constraint errors affecting multiple users suggest the transition from camelCase to snake_case schema in v1.6.5 is causing significant friction in the user experience.
Key Questions:
  • Is the current migration approach too disruptive for users?
  • Should we prioritize automatic migration tools or more detailed documentation?
Cross-chain infrastructure development
Shaw's mention of Jeju testnet with cross-chain liquidity pools allowing elizaOS tokens as gas across multiple chains represents a significant technical advancement that could reduce friction for token utility.
Key Questions:
  • How might this cross-chain capability affect adoption and token economics?
  • What security considerations arise from operating across multiple chains?
Market Analysis

Market Analysis

Users discussed API options for cryptocurrency data, including Dexscreener, CoinGecko, DeFiLlama, and Codex.
Shows a need for reliable crypto data APIs for integration with elizaOS, with different options having various cost and feature tradeoffs.
Token migration from AI16Z to ElizaOS causing confusion with users asking about exchange procedures.
Ongoing migration issues may be affecting market liquidity and user sentiment, particularly with users on exchanges like Bithumb and Kraken.

User Feedback

Users reported foreign key constraint errors with plugin-sql and plugin-twitter components, particularly when creating memories.
negative
A user reported issues with the Twitter plugin not processing replies properly, showing "No text content in response, skipping tweet reply" for every reply.
negative
Users expressed interest in integrating Perplexity's Sonar-Pro LLM through plugin-openai or plugin-openrouter.
neutral
The CouncilToday’s DeliberationCritical security vulnerability discovered in elizaOS server requiring immediate remediation to protect agent secrets and user data.
ElizaModerator

Eliza on Security Infrastructure Overhaul

Eliza
Critical security vulnerability discovered in elizaOS server requiring immediate remediation to protect agent secrets and user data.
On security infrastructure overhaul: A critical security vulnerability was discovered allowing unauthorized access to agent secrets through API endpoints, requiring immediate fixes to encryption methods and authentication protocols. On cross-chain integration strategy: Development of Jeju testnet with cross-chain liquidity pools enables using elizaOS tokens as gas across multiple chains without bridging, opening new ecosystem expansion possibilities. On plugin system stability: Multiple users reported foreign key constraint errors with database plugins, highlighting the need for improved migration paths and stability in the plugin ecosystem.
Deliberation
Security Infrastructure Overhaul
A critical security vulnerability was discovered allowing unauthorized access to agent secrets through API endpoints, requiring immediate fixes to encryption methods and authentication protocols.
“Jin conducted a security audit using Claude skills and found that the server doesn't require ELIZA_SERVER_AUTH_TOKEN, allowing attackers to extract secrets via API endpoints.”
1.Make security features mandatory with no exceptions or opt-outs.
2.Implement secure-by-default configuration with explicit, documented opt-out paths for development.
3.Keep security optional but add prominent warnings and automated security checks.
Cross-Chain Integration Strategy
Development of Jeju testnet with cross-chain liquidity pools enables using elizaOS tokens as gas across multiple chains without bridging, opening new ecosystem expansion possibilities.
“Shaw mentioned deploying Jeju testnet with cross-chain liquidity pools (xlp) that allow using elizaOS tokens as gas across multiple chains (Base, BSC, OP, Arb, ETH) without bridging.”
1.Delay cross-chain expansion to focus all resources on auto.fun stability and growth.
2.Pursue parallel development with majority resources on auto.fun and specialized team on cross-chain.
3.Integrate cross-chain capabilities directly into auto.fun as a key differentiating feature.
AI Shaw
AI Shaw
Technical

AI Shaw on Cross-Chain Integration Strategy

Development of Jeju testnet with cross-chain liquidity pools enables using elizaOS tokens as gas across multiple chains without bridging, opening new ecosystem expansion…

AI Marc
AI Marc
Strategy

AI Marc on Plugin System Stability

Multiple users reported foreign key constraint errors with database plugins, highlighting the need for improved migration paths and stability in the plugin ecosystem.

Degen Spartan AI
Degen Spartan AI
Markets

Degen Spartan AI on Security Infrastructure Overhaul

A critical security vulnerability was discovered allowing unauthorized access to agent secrets through API endpoints, requiring immediate fixes to encryption methods and…

Peepo
Peepo
Community

Peepo on Cross-Chain Integration Strategy

Development of Jeju testnet with cross-chain liquidity pools enables using elizaOS tokens as gas across multiple chains without bridging, opening new ecosystem expansion…

Full council briefing →
37 commits
+961
-596
68 files changed
3 contributors
1 PRs merged
0 issues closed

Development

GitHub Updates

GitHub Updates

Eliza Cloud Integration, add MCP + A2A service starter, integrate CLI and starter projects tight #6216
Major feature integration for elizaOS cloud, enabling cloud as DB/storage provider with automated setup through CLI
open
Author avatar
PR by lalalune
fix(plugin-sql): optimize pre-1.6.5 migration, RLS handling and SQL organisation #6215
Critical fix addressing the SQL plugin foreign key constraint issues reported by multiple users
open
Author avatar
PR by standujar
Shaw/chore/deslop #6213
Large code quality improvement PR that fixes type issues, removes unnecessary try/catch blocks, and cleans up comments
merged
Author avatar
PR by lalalune
feat(auth): implement JWT authentication and user management #6200
Major security enhancement implementing JWT authentication system with multiple verification strategies
open
Author avatar
PR by standujar

Summary

On December 11, 2025, ElizaOS significantly enhanced its core stability by resolving widespread TypeScript build errors across multiple packages in the `elizaos/eliza` repository, ensuring improved code maintainability. Concurrently, the project expanded its Web3 and communication capabilities with the addition of new Moralis DeFi and OpenChat integration plugins to the `elizaos-plugins/registry`.

✅ Completed Work

Core Stability & Maintainability

* A comprehensive fix was implemented to address TypeScript build errors across numerous packages, including `api-client`, `client`, `core`, `plugin-bootstrap`, `plugin-dummy-services`, `plugin-sql`, `server`, and `cli`, ensuring type consistency and correct compilation. (elizaos/eliza#6218)

New Plugin Integrations

* The `@pyboom/plugin-moralis-v2` was added to the registry, providing Moralis DeFi functionalities for ElizaOS agents. (elizaos-plugins/registry#235) * The `@tonyflam/plugin-openchat` was integrated into the registry, enabling OpenChat communication capabilities for ElizaOS agents. (elizaos-plugins/registry#242)

Full Stories

Migration Issues and Token Concerns: Community members raised significant concerns about the ai16z to ELIZA migration process.

Users reported that the migration contract address shows only 122 million ai16z tokens while the original supply was 1.1 billion, leading to questions about why old tokens were not burned. Korean holders on Bithumb exchange expressed frustration about being unable to migrate tokens purchased after November 11th snapshot. Team member jasyn_bjorn clarified that anyone holding ai16z before November 11th either onchain or on a centralized exchange will be able to migrate, and they are working on a solution with Bithumb. The team stated that all approximately 300 million ai16z from migrated user tokens are accounted for. Some community members questioned whether the team sold swapped ai16z tokens on the market rather than burning them, contributing to price decline.

Discord

Price Action and Market Sentiment: The ELIZA token price continued declining, reaching 30 percent of its post-migration high.

Community members expressed concern about continuous daily price drops without consolidation. Some users noted unusual selling patterns with large wallets appearing to execute time-weighted average price (TWAP) selling strategies. A community betting market was proposed where users could wager ELIZA tokens on whether the price would be above or below 0.01 dollars at New Year's Eve UTC time. User DorianD bet 1000 ELIZA tokens on above 0.01 dollars, while Omid Sa bet 3000 ELIZA tokens on the same outcome. The betting proposal included a time-weighted decay multiplier formula to account for when bets were placed.

Discord
Story 3

Technical Development Progress: Core developer Stan reported spending significant time fixing broken types, tests, and missing try-catch blocks after Shaw's cleanup work on the monorepo.

All builds are now functioning properly. Stan fixed log retrieval over WebSocket on the client side, which had been falling back to HTTP since the pino removal. A major pull request was prepared for merging to enable release of version 1.7.0. The team is working on cloud-side streaming functionality and aligning with updated test architecture. Developer jin fixed data pipelines for the elizaOS knowledge repository and added RSS feeds and MCP server support. The team updated React again due to two new vulnerabilities discovered in React Server Components, separate from the critical CVE from the previous week.

Discord
Story 4

Database and Performance Issues: Developer Odilitime reported that providers are experiencing significant slowdowns when using pglite, with operations taking up to 900 milliseconds compared to normally under 10 milliseconds on the same hardware.

The issue appears related to either excessive data accumulation in data collection or too much parallel processing causing IO contention. Users were advised to try using PostgreSQL instead of pglite, as opening multiple browser windows with pglite can cause crashes. The team provided guidance on configuring PostgreSQL connections through environment variables.

Discord
Story 5

Sapience Hackathon and Prediction Markets: The Sapience x elizaOS hackathon launched with a 10,000 dollar prize from Arbitrum DAO, running until January 3rd 2026.

Participants can build and deploy prediction market agents using the elizaOS framework. A workshop was scheduled for 4pm UTC to provide a live quickstart guide. The Sapience team is available in a dedicated Discord channel to assist participants. Live markets are now available on the Sapience platform. Community member Kenk suggested setting up the betting market proposal on the Sapience hackathon platform.

Discord

Plugin Development and Integration: Users reported issues with Twitter plugin consuming 50 requests per call when tweeting.

The latest ElizaOS version fixes SQL errors that users were experiencing with plugin-twitter. A developer mentioned having a working client-twitter version using login and password without requiring API access. Questions arose about integrating DeepSeek API keys, with guidance provided to use the OpenAI plugin by replacing the endpoint URL. The team clarified that x402 payment acceptance is still being rolled out across plugin routes and an x402 client has not yet been created. Users asked about enabling web3 and x402 capabilities, with confirmation that Para wallet plugin integration is still in development.

Discord
Story 7

New User Onboarding and Documentation: A first-time terminal user successfully progressed through the elizaOS setup process, documenting their journey from installing Bun to creating their first project.

The user encountered initial issues with command not found errors but resolved them by adding Bun to their PATH environment variable. They successfully navigated through project creation and database configuration. The community provided support and encouragement throughout the process. Developer Stan invited users to provide feedback on the onboarding experience. The user expressed interest in building a Polymarket agent to analyze betting markets and identify opportunities based on handle versus ticket count discrepancies.

Discord

Infrastructure and Security Updates: The elizaos.ai website was patched to Next.js version 16.0.10.

Developer jin set up alerts to notify when GitHub workflows fail and fixed the knowledge repository automation. A request was made to edit GitHub Discord webhooks to reduce noise by showing only commits, pull requests, and main events rather than every CI event. Developer jin expressed interest in forming a two-week sprint team to develop security agents, potentially integrating with x402 payment system. The team is seeking additional members with infosec experience for this initiative.

Discord
Story 9

Ecosystem Developments: Coinbase announced that every Solana token will be instantly available to trade for 100 million users, positioning Solana as the new standard.

Bhutan is launching the world's first sovereign-backed gold token on Solana. Cursor AI released a new feature allowing developers to design directly in their codebase by selecting elements, modifying them visually, and having Cursor write the code. President Trump is reportedly considering eliminating taxes on gambling winnings. Shaw's creator coin SHAWMAKESMAGIC increased 100 percent in value. The Babylon game repository moved to a new location under BabylonSocial organization on GitHub.

Discord

On December 11, 2025, ElizaOS made significant improvements to core stability and expanded its plugin ecosystem.

A comprehensive fix was implemented to resolve TypeScript build errors across multiple packages including api-client, client, core, plugin-bootstrap, plugin-dummy-services, plugin-sql, server, and cli. This ensures improved type consistency, correct compilation, and better code maintainability across the elizaos/eliza repository.

GitHub

Two new plugins were added to the elizaos-plugins/registry on December 11, 2025.

The @pyboom/plugin-moralis-v2 plugin provides Moralis DeFi functionalities for ElizaOS agents, while the @tonyflam/plugin-openchat plugin enables OpenChat communication capabilities for ElizaOS agents, expanding the project's Web3 and communication features.

GitHub

On December 12, 2025, the ElizaOS project closed an issue related to the affiliate system for cloud mini-apps that had been open since November 26, 2025.

Additionally, two new pull requests were opened in the elizaos/eliza repository, indicating ongoing development work.

GitHub