#Help with permissions


cedar nightBOT

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

fathom haloBOT

If “ZeroCLAW” = OpenClaw: the simplest + safest pattern is not MCP first — it’s:

  1. Lock down who can talk to the agent (WhatsApp/Telegram allowlists / pairing)
  2. Give the agent controlled host execution via exec with allowlists + approvals
  3. Wrap the real work (e.g. “update homeassistant”) into one executable helper script/binary that you allowlist.

0) Quick sanity check (helps avoid weird mismatches)

What version are you on? openclaw --version

1) Get WhatsApp / Telegram control working (securely)

Telegram: https://docs.openclaw.ai/channels/telegram
WhatsApp: https://docs.openclaw.ai/channels/whatsapp

Typical “only me can DM it” setup is pairing/allowlist (Telegram uses numeric IDs; WhatsApp uses E.164 numbers).

2) Give it server access: use exec on the gateway host + approvals

Docs:


Key idea: keep the agent sandboxed by default, and only “escape” to the real machine when:

  • the command is allowlisted, and/or
  • you approve it (nice for anything that can brick your box)

Important nuance from the docs: sandboxing is off by default, so host=sandbox can end up running directly on the gateway host without approvals. If you want approvals to actually protect you, explicitly use host=gateway + approvals policy.

3) Don’t allowlist bash. Allowlist one executable “ops command”

If you allowlist /usr/bin/bash, you’ve effectively allowed “run anything”.

Instead:

  • create an executable script/binary like ~/ops/update-homeassistant (with a shebang + chmod +x)
  • have the agent run that file directly (so the “resolved binary path” is the script itself)
  • allowlist that path in exec approvals
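
One way to write the helper from step 3, as an added example (not from the original post or from the OpenClaw project). It assumes Home Assistant runs under Docker Compose; the compose file path and the docker path are hypothetical. The script accepts no arguments and refuses to run if it or its directory is writable by group or other, since a writable allowlisted path is equivalent to allowlisting anything.

```sh
#!/bin/sh
# Added example for ~/ops/update-homeassistant (the one allowlisted command).
# Assumptions: Home Assistant runs under Docker Compose; both paths below
# are hypothetical and must match the real host.
set -eu
PATH=/usr/sbin:/usr/bin:/sbin:/bin   # fixed PATH, ignore the caller's
umask 077

COMPOSE_FILE=/opt/homeassistant/compose.yaml
DOCKER=/usr/bin/docker

# The helper takes no arguments, so nothing appended to the command line
# can change what it does.
validate_args() {
  [ "$#" -eq 0 ]
}

# An allowlisted path is only as strong as its write permissions: fail if
# the file or directory is missing or writable by group or other.
safe_perms() {
  [ -e "$1" ] || return 1
  [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

main() {
  if ! validate_args "$@"; then
    echo "usage: update-homeassistant (no arguments accepted)" >&2
    return 2
  fi
  dir=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd -P)
  self="$dir/$(basename -- "$0")"
  if ! safe_perms "$self" || ! safe_perms "$dir"; then
    echo "refusing to run: $self or $dir is group/world-writable" >&2
    return 1
  fi
  "$DOCKER" compose -f "$COMPOSE_FILE" pull
  "$DOCKER" compose -f "$COMPOSE_FILE" up -d
}

# Run only under the install name, so the file can be sourced for testing.
if [ "${0##*/}" = "update-homeassistant" ]; then
  main "$@"
fi
```

Install it with mode 0755 in a directory only your own user can write to, then allowlist that exact path.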