diff --git a/CHANGELOG.md b/CHANGELOG.md
index cd523a99ad1..c64bba039c7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -137,6 +137,7 @@ Docs: https://docs.openclaw.ai
 - Agents/compaction: trigger overflow recovery from the tool-result guard once post-compaction context still exceeds the safe threshold, so long tool loops compact before the next model call hard-fails. (#29371) thanks @keshav55.
 - macOS/exec approvals: harden exec-host request HMAC verification to use a timing-safe compare and keep malformed or truncated signatures fail-closed in focused IPC auth coverage.
 - Gateway/exec approvals: surface requested env override keys in gateway-host approval prompts so operators can review surviving env context without inheriting noisy base host env.
+- Gateway/probe: include device identity in authenticated loopback probes so `openclaw status` and probe RPCs get full paired scopes instead of being scope-limited. Strip identity only for effectively anonymous probes (opts.auth undefined or empty). (#48805)
 - Telegram/network: preserve sticky IPv4 fallback state across polling restarts so hosts with unstable IPv6 to `api.telegram.org` stop re-triggering repeated Telegram timeouts after each restart. (#48282) Thanks @yassinebkr.
 - Plugins/subagents: forward per-run provider and model overrides through gateway plugin subagent dispatch so plugin-launched agent delegations honor explicit model selection again. (#48277) Thanks @jalehman.
 - Agents/compaction: write minimal boundary summaries for empty preparations while keeping split-turn prefixes on the normal path, so no-summarizable-message sessions stop retriggering the safeguard loop. (#42215) thanks @lml2468.
diff --git a/src/gateway/probe.ts b/src/gateway/probe.ts
index bbd36639b78..f5c6b94ea87 100644
--- a/src/gateway/probe.ts
+++ b/src/gateway/probe.ts
@@ -45,9 +45,14 @@ export async function probeGateway(opts: {
 const disableDeviceIdentity = (() => {
 try {
 const hostname = new URL(opts.url).hostname;
- // Local authenticated probes should stay device-bound so read/detail RPCs
- // are not scope-limited by the shared-auth scope stripping hardening.
- return isLoopbackHost(hostname) && !(opts.auth?.token || opts.auth?.password);
+ // Probes should stay device-bound whenever possible so read/detail RPCs
+ // are not scope-limited by shared-auth/anonymous scope stripping hardening.
+ // We used to disable identity for all local probes without token/password,
+ // but that breaks authenticated status checks when hardening is enabled.
+ //
+ // Now we only disable it for literal anonymous loopback probes (opts.auth
+ // undefined) to maintain legacy "no-setup" local status behavior.
+ return isLoopbackHost(hostname) && opts.auth === undefined;
 } catch {
 return false;
 }
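Review bot: The new `return` line treats only `opts.auth === undefined` as anonymous, but the CHANGELOG entry in this same commit says identity is stripped for probes whose auth is "undefined or empty", so the two disagree on what an empty auth object means: `{}` or `{ token: '' }` was classed as anonymous by the removed check and now keeps device identity enabled. Whether a probe that presents device identity but no usable credential is then scope-limited or rejected by the gateway cannot be seen from this hunk, so the intended treatment of that case should be pinned explicitly rather than left to the changelog. If the code is right, the changelog sentence should read `Strip identity only when opts.auth is undefined.`; if empty objects should also count as anonymous, the condition needs to say so, e.g. `return isLoopbackHost(hostname) && (opts.auth === undefined || Object.keys(opts.auth).length === 0);`. Either way the in-code comment should name what an auth object without token/password is expected to carry, since that is the distinction the change relies on and the type of `opts.auth` is outside this hunk. probeGateway's body continues outside the hunk.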