#Openclaw permission loop

1 messages · Page 1 of 1 (latest)

cloud skiffBOT Feb 17, 2026, 6:41 PM

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

clear coralBOT Feb 17, 2026, 6:48 PM

What you’re running into is Exec Approvals (host execution guardrails), not “normal bot commands”.

Two separate things are happening:

When exec runs on a real host (host=gateway or host=node), OpenClaw enforces policy from ~/.openclaw/exec-approvals.json on that machine.
If your approvals are set to security=allowlist and you have an empty allowlist (or ask=always), you’ll get prompted constantly.
Also: the effective behavior is the stricter of:
- tools.exec.* in your main config, and
- the approvals defaults in exec-approvals.json

Quick checks (paste outputs here):

openclaw --version
openclaw config get tools.exec
openclaw approvals get --gateway

To stop the constant prompts, you typically do one of these:

Add allowlist entries for the stuff you want:

openclaw approvals allowlist add --gateway --agent main "/usr/bin/ls"
# and add whatever binary/script you actually want to run

Set approvals to prompt only on misses (instead of always): ask: "on-miss"
(Not recommended) set security: "full" if you truly want “run anything without asking”.

Why “yes” in Discord loops and never approves
Discord exec approvals are button-based and sent via DM, not by typing “yes” in the channel.

Make sure this is enabled + your user is an approver:

{
  channels: {
    discord: {
      execApprovals: {
        enabled: true,
        approvers: ["<your_discord_user_id>"]
      }
    }
  }
}

Then restart the gateway and check your DMs with the bot for the approval buttons.