Have you seen the code of OpenClaw? It would not surprise me if there is a mistake in there somewhere that causes the bot to hammer google auth for the refresh token in a very identifiable manner because noone in that repo is bothering to look at the code before merging. Moved fast, broke things.