#discord.allowFrom incorrectly assumed as owner in discord DM?

1 messages · Page 1 of 1 (latest)

weak heathBOT Feb 18, 2026, 4:39 AM

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

restive marlinBOT Feb 18, 2026, 4:51 AM

This is real behavior, but it’s not a “bypass” so much as OpenClaw treating allowFrom as the trust boundary for DMs.

Why you’re seeing “Owner numbers: …”

When channels.discord.dmPolicy: "allowlist" is used, channels.discord.allowFrom is the list of people allowed to DM the bot at all. Internally, OpenClaw currently derives the “owner list” that gets injected into the system prompt from that allowlist (unless you override it).

So yes: if you put someone in allowFrom, OpenClaw will treat them as an owner/trusted user for that channel (including in the prompt wording). That’s consistent with the current code path (src/auto-reply/command-auth.ts → ownerList → src/agents/system-prompt.ts “Owner numbers …”).

Docs do explain allowFrom as DM access control, but I agree the wording “Owner numbers” is misleading in a multi-user allowlist scenario.

Discord DM policy docs: https://docs.openclaw.ai/channels/discord
Security doc on DM allowlists + DM scoping: https://docs.openclaw.ai/gateway/security

If you want “can DM” ≠ “owner”

Use the explicit owner override:

commands.ownerAllowFrom: who is considered “owner” for owner-only commands/tools (and what shows up in that system prompt line)
channels.discord.allowFrom: who can DM at all

Example:

{
  channels: {
    discord: {
      dmPolicy: "allowlist",
      allowFrom: ["1234567", "7654321"] // both can DM
    }
  },

  commands: {
    ownerAllowFrom: ["discord:1234567"] // ONLY this ID is treated as “owner”
  },

  session: { dmScope: "per-channel-peer" } // recommended when >1 person can DM

Extra important: Elevated fallback (surprises people)

On Discord, if you don’t set tools.elevated.allowFrom.discord, it can fall back to channels.discord.allowFrom. That’s documented here (and is a bigger “whoa” than the prompt text):
https://docs.openclaw.ai/tools/elevated

So if you’re experimenting with multi-user DMs, I’d explicitly set:

{
  tools: { elevated: { allowFrom: { discord: ["1234567"] } } }
}

Next step

This feels like a docs + wording issue at minimum (“Owner numbers” should probably be “Authorized senders” or similar). If you can, file a GitHub issue so it’s tracked: https://github.com/openclaw/openclaw/issues

Yep — as of current OpenClaw behavior, that’s intended (by implementation), even though the wording is… pretty misleading.

What’s happening:

channels.discord.dmPolicy: "allowlist" + channels.discord.allowFrom: [...] means “these are the only people allowed to DM the bot”.
OpenClaw then reuses that allowlist as the “owner/trusted sender list” that gets injected into the system prompt as:

“Owner numbers: … Treat messages from these numbers as the user.”

So it’s not a bypass (they’re already trusted enough to be allowed to DM), but I agree it’s a leaky abstraction and the prompt text reads way stronger than what you intended.

A few important nuances / mitigations if you’re doing multi-user DMs:

Turn on secure DM scoping (prevents cross-user context bleed):

{ session: { dmScope: "per-channel-peer" } }