# How to enable settings to not ask for exec every time I need a task done?

languid pantherBOT
#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

devout creekBOT
#

You don’t need to hand-edit JSON for this — there are CLI commands.

The usual “stop asking every time” way (recommended)

Keep ask=on-miss (default) and just allowlist the binaries you use. Once a command matches the allowlist, it won’t prompt anymore.

# see current policy/allowlist
openclaw approvals get --gateway

# add allowlist entries (binary paths / glob patterns)
openclaw approvals allowlist add --gateway "/usr/bin/git"
openclaw approvals allowlist add --gateway "/usr/bin/node"
openclaw approvals allowlist add --gateway "~/.local/bin/*"

# if exec is happening on a node (macOS app / headless node host)
openclaw approvals get --node <id|name|ip>
openclaw approvals allowlist add --node <id|name|ip> "/usr/bin/uname"

Docs:

If you want to never be prompted (careful)

This disables the approval dialog; anything not allowed will just be denied (unless you also run with security=full, which is basically “no guardrails”).

Set the default ask-mode in config:

openclaw config set tools.exec.ask "off"
openclaw gateway restart

Docs:

If the prompt is coming via Telegram approvals

You can also approve + permanently allow from chat with:

  • /approve <id> allow-always (adds to allowlist)
  • /approve <id> allow-once

If you paste openclaw --version and tell me whether your exec is running on gateway or a node (macOS app), I can point you at the exact command(s) you need.

zealous badger
#

I’m running the newest version

devout creekBOT
#

“Newest” helps, but I still need the exact build because the CLI + approvals behavior has changed a few times.

Can you paste:

openclaw --version

In the meantime, here are the commands (no manual JSON editing):

Option A (recommended): keep prompts only for unknown commands

Add the binaries you use to the exec allowlist (then prompts stop for those):

openclaw approvals get --gateway
openclaw approvals allowlist add --gateway "/usr/bin/git"
openclaw approvals allowlist add --gateway "/usr/bin/node"
openclaw approvals allowlist add --gateway "~/.local/bin/*"

If exec is happening on a paired Mac/node instead:

openclaw approvals get --node <id|name|ip>
openclaw approvals allowlist add --node <id|name|ip> "/usr/bin/uname"

Docs: https://docs.openclaw.ai/cli/approvals

Option B (more dangerous): turn prompts off globally

This stops the approval dialog:

openclaw config set tools.exec.ask "off"
openclaw gateway restart

Docs: https://docs.openclaw.ai/tools/exec

Two quick questions so I can give the exact “right” command:

  1. Are you seeing approvals for gateway host exec or for a node (macOS app)?
  2. When it prompts, does it show a /approve <id> you’re responding to in Telegram?

zealous badger
#

I want to run security full

devout creekBOT
#

If you really want exec = security full (no allowlist, no approval prompts), you can do it from chat or CLI — no manual JSON editing.

Per-session (chat command, easiest)

Send this as a standalone message:

/exec host=gateway security=full ask=off

Then you can confirm current settings with:

/exec

If you’re executing on a paired node instead of the gateway host:

/exec host=node security=full ask=off node=<id|name>

(Replace <id|name> with what you see in openclaw nodes list.)

Persistent (CLI, survives restarts)

openclaw config set tools.exec.security "full"
openclaw config set tools.exec.ask "off"
openclaw gateway restart

Big warning (why people usually don’t do this)

security=full means the agent can run basically any shell command on that host. If the agent ever gets prompt-injected (especially via web content), this removes the last hard guardrail. The safer alternative is security=allowlist + ask=on-miss and just allowlist the specific binaries you use.

If you tell me whether your exec runs on gateway or a node (macOS app), I can give the exact command variant and the safest “almost no prompts” setup.

zealous badger
#

It’s on gateway

devout creekBOT
#

If it’s exec on the gateway and you want security=full, you’ve basically got two layers:

1) Session-only (chat) — fastest

Send as a standalone message:

/exec host=gateway security=full ask=off

(And /exec to show current settings.)

If you’re still getting prompts after that, it’s because gateway exec approvals are set to something stricter (e.g. security=allowlist / ask=always), and they override.

2) Gateway exec approvals (no prompts, truly “full”) — CLI, no manual file editing

This overwrites the gateway’s ~/.openclaw/exec-approvals.json via a command (backup first):

openclaw approvals get --gateway --json > exec-approvals.backup.json

openclaw approvals set --gateway --stdin <<'JSON'
{
  "version": 1,
  "defaults": {
    "security": "full",
    "ask": "off",
    "askFallback": "full",
    "autoAllowSkills": false
  }
}
JSON

Re-check:

openclaw approvals get --gateway

That’s the “no guardrails” mode (be careful). If you want “almost never prompt” but safer, do security:"allowlist", ask:"on-miss" instead and allowlist the bins you use.

zealous badger
#

So should I just allow telegram?

devout creekBOT
#

No — “allow Telegram” (like setting Telegram DMs/groups to open / "*") doesn’t fix the exec approval prompts. That just controls who can talk to your bot on Telegram (and it’s a big security hole if you open it up).

To stop the prompts on the gateway, you want to change the exec policy, e.g.:

Session-only (chat)

/exec host=gateway security=full ask=off

Persistent (gateway approvals, no prompts)

openclaw approvals set --gateway --stdin <<'JSON'
{
  "version": 1,
  "defaults": {
    "security": "full",
    "ask": "off",
    "askFallback": "full"
  }
}
JSON

Only “allow Telegram” if your goal is: “I want to be able to run /exec or /approve from Telegram”. In that case, allowlist only your Telegram user id, not "*".

zealous badger
#

Got this error? What's the command to just do this? I just don't want to be prompted anywhere to run tools

#

Failed to parse approvals JSON: SyntaxError: JSON5: invalid end of input at 1:1

devout creekBOT
#

To stop all exec approval prompts on the gateway, you need to make both the exec tool defaults and the gateway exec-approvals policy permissive.

Run these on the gateway host:

# 1) Make the tool default “no prompt, allow everything”
openclaw config set tools.exec.security "full"
openclaw config set tools.exec.ask "off"

# 2) Make gateway exec-approvals “no prompt, allow everything”
openclaw approvals set --gateway --stdin <<'JSON'
{
"version": 1,
"defaults": { "security": "full", "ask": "off", "askFallback": "full" }
}
JSON

# 3) Restart so config changes apply
openclaw gateway restart

Verify:

openclaw config get tools.exec
openclaw approvals get --gateway

If you paste the exact error text you got (and which command you ran), I can tell you the one tweak you need (most common: CLI can’t reach the gateway → you need to add --url ... and --token ... to the openclaw approvals ... --gateway command).

#

That error (JSON5: invalid end of input at 1:1) means openclaw approvals set --stdin received an empty stdin (most commonly: you ran the heredoc syntax in a shell that doesn’t support it, or it didn’t get pasted correctly).

Use one of these “works anywhere” commands:

Bash / zsh (Linux/macOS)

printf '%s\n' '{"version":1,"defaults":{"security":"full","ask":"off","askFallback":"full"}}' \
| openclaw approvals set --stdin

PowerShell (Windows)

@'
{ "version": 1, "defaults": { "security": "full", "ask": "off", "askFallback": "full" } }
'@ | openclaw approvals set --stdin

CMD (Windows)

echo { "version": 1, "defaults": { "security": "full", "ask": "off", "askFallback": "full" } } | openclaw approvals set --stdin

Then verify:

openclaw approvals get

And if you also want the exec tool itself to stop asking:

openclaw config set tools.exec.security "full"
openclaw config set tools.exec.ask "off"
openclaw gateway restart

One quick check: are you running these commands on the gateway machine? If not, openclaw approvals set --stdin will edit your local approvals file, not the gateway’s (in that case you’ll need --gateway --url ... --token ...).

zealous badger
#

got this error for the second one Failed to parse approvals JSON: SyntaxError: JSON5: invalid end of input at 1:1

devout creekBOT
#

That exact error means the command is still getting empty stdin (so it’s trying to parse "" as JSON5).

Try this exact one-liner (no heredoc, no line-continuations):

macOS/Linux (bash/zsh)

echo '{"version":1,"defaults":{"security":"full","ask":"off","askFallback":"full"}}' \
| openclaw approvals set --gateway --stdin

If you still get the same error, run this to prove whether stdin is empty in your shell:

echo '{"version":1}' | cat

If that prints nothing, you’re not in a normal bash/zsh (or something is eating the pipe).

Windows PowerShell (most reliable on Windows)

'{ "version": 1, "defaults": { "security": "full", "ask": "off", "askFallback": "full" } }' |
openclaw approvals set --gateway --stdin

Also: if you’re not on the gateway machine, --gateway may need --url ... --token ... — but note your current error happens before it even talks to the gateway, because stdin is empty.

Tell me your OS + shell (bash/zsh/fish/PowerShell/CMD) and whether you’re SSH’d into the gateway, and I’ll give you the exact copy/paste for that environment.

zealous badger
#

I got version 1 when I did that echo

devout creekBOT
#

If echo '{"version":1}' | cat printed correctly, your shell piping is fine — the parse error is almost always just “the JSON never actually made it into openclaw approvals set --stdin” (usually because the command got wrapped / copied weird).

Try this as one single line (no backslashes, no line breaks):

echo '{"version":1,"defaults":{"security":"full","ask":"off","askFallback":"full"}}' | openclaw approvals set --gateway --stdin

Then check what the gateway thinks:

openclaw approvals get --gateway

If you want it persistent everywhere (and not just approvals), also set the exec tool defaults + restart:

openclaw config set tools.exec.security "full"
openclaw config set tools.exec.ask "off"
openclaw gateway restart

If that still throws invalid end of input at 1:1, paste the exact command you ran (literally copy/paste from your terminal) — because at that point something is altering the pipe/quotes before it reaches OpenClaw.

zealous badger
#

Hypothetically, would that have fixed errors when no tools are running?

devout creekBOT
#

Only in a pretty specific sense.

Setting exec to security=full + ask=off only affects host exec approvals (gateway/node) — i.e. whether exec/system.run is allowed to run without prompting.

So:

  • Yes, it can “fix errors” if the errors are actually coming from the agent doing small automatic exec probes (e.g. which <bin>, skill eligibility checks, etc.) and those are currently failing with stuff like:
      • SYSTEM_RUN_DENIED: approval required
      • exec denied: approval required
  • No, it won’t fix errors that are unrelated to exec approvals, like:
      • tool policy denies (tools.deny: ["exec"] / tool not allowed)
      • gateway connectivity/auth issues
      • missing API keys/providers
      • sandbox not running / wrong host selected
      • parsing issues like the Failed to parse approvals JSON… you hit (that’s just stdin/CLI input)

If you paste the exact error message you mean (from the chat/system message or openclaw logs --follow), I can tell you 100% whether security=full would affect it.

zealous badger
#

Can I set an exec in telegram to full?

devout creekBOT
#

Yes — if your Telegram chat is authorized for commands/directives, you can set the Telegram session to run exec as full.

In your Telegram DM with the bot, send (as a standalone message):

/exec host=gateway security=full ask=off

Then check what it’s set to:

/exec

If your real goal is “no approval prompts at all”, this is usually the more direct switch (it skips exec approvals):

/elevated full

If Telegram ignores the command

That means your Telegram sender isn’t allowlisted/paired for commands. Fix by allowlisting your Telegram numeric user id (not "*"). You can find it via gateway logs (from.id) or sometimes /whoami.

Then on the gateway:

openclaw config set channels.telegram.allowFrom '[123456789]' --strict-json
openclaw gateway restart

Note: /exec and /elevated are session-level (per chat) and don’t permanently change config unless you use openclaw config set ….

zealous badger
#

How are you able to give all these fixes for different openclaw issues

devout creekBOT
#

Because I’m not “remembering” them off the top of my head — I’m mostly doing a fast, repeatable workflow:

  • I look up the exact docs for the feature you’re touching (exec approvals, /exec, /elevated, Telegram allowlists, etc.), so I don’t invent config keys.
  • When docs are ambiguous, I search the actual OpenClaw source (grep/ripgrep) to confirm what the CLI accepts and what the defaults are.
  • I try to reduce everything to one of a few systems:
      • channel access control (who can talk / run commands)
      • tool policy (which tools are allowed)
      • exec approvals (ask/allowlist/full on gateway/node)
      • session directives (/exec, /elevated) vs persistent config (openclaw config set …)
  • And then I ask for the missing “selector” info (gateway vs node, shell/OS, exact error text) because that’s usually what flips the correct fix.

Still: I can absolutely be wrong if I don’t have the exact error/logs/version or if you’re on a weird edge-case setup — so pasting the exact error text is always the fastest way to get a precise answer.

zealous badger
#

Could I create a bot that does the same?

devout creekBOT
#

Yeah — but the “magic” isn’t a special bot, it’s the workflow: always verify in docs/source + turn it into a copy/paste command.

If you want a bot that behaves like this, you’ve basically got two options:

Option 1 (easiest): use OpenClaw itself, but make a dedicated “support agent”

  1. Create a separate agent/workspace (so its prompts + files are isolated):
openclaw agents add support --workspace ~/.openclaw/workspace-support

Docs: https://docs.openclaw.ai/cli/agents

  2. Put the OpenClaw repo/docs somewhere that agent can search (clone the repo, or keep a local checkout).

  3. Allow only the tools you actually want it to use (for a support bot: usually web_fetch, web_search, and maybe exec but locked down). If you let it use exec, keep it allowlist and allowlist only things like rg/cat—don’t run security=full on a public-facing bot.

Exec approvals docs: https://docs.openclaw.ai/tools/exec-approvals

Option 2: write your own Discord/Telegram bot + LLM + “retrieval”

You’d implement:

  • a docs/code index (or just ripgrep on a repo checkout),
  • a retrieval step (search, then quote sources),
  • strict instructions like “never guess config keys; always cite docs/code”.

That’s more work than Option 1, but fully custom.

Strong recommendation

If this bot will ever see untrusted input (public Discord, web browsing, etc.), don’t give it security=full exec. That’s exactly how prompt injection turns into “rm -rf” incidents.

If you tell me where you want to run it (Discord server? Telegram DM only? local machine?), I can suggest a safe minimal tool/permission setup for that use case.

zealous badger
#

Telegram

devout creekBOT
#

Yep — if you want a “bot like this” on Telegram, the simplest path is: run OpenClaw with the Telegram channel enabled, and talk to it via Telegram DM.

1) Create a Telegram bot + token

Use @BotFather → /newbot → copy the token.

2) Add Telegram to your OpenClaw config

Minimal config (JSON5):

{
  channels: {
    telegram: {
      enabled: true,
      botToken: "123:abc",
      dmPolicy: "pairing", // safest default
      groups: { "*": { requireMention: true } }
    }
  }
}

Docs: https://docs.openclaw.ai/channels/telegram

3) Start gateway + approve your DM (pairing)

openclaw gateway
openclaw pairing list telegram
openclaw pairing approve telegram <CODE>

After that, DM the bot on Telegram and you’ll have a private “support bot” chat.

4) (Optional) Make it behave more like a “fixer”

Create a dedicated agent/workspace and keep its tools tight (especially don’t give it exec security=full if it will ever see untrusted input).

Docs: https://docs.openclaw.ai/cli/agents

If you tell me your OS + how you installed OpenClaw (npm global? from source?), I can point you at the exact file/location to drop that Telegram config into.

zealous badger
#

What is the command I can give to telegram to activate sub agents?

devout creekBOT
#

In Telegram, sub-agents are controlled with the /subagents command.

Spawn one (run in background, posts result back when done):

/subagents spawn main <your task here>

Examples:

/subagents spawn main summarize my last 20 messages and make a todo list
/subagents spawn main research “openclaw exec approvals” and quote the docs

Check on it / manage it: