zenith rune
Last login: Mon Mar 2 05:05:38 2026 from 112.206.96.78
axis@vmi3046347:~$ openclaw configure
🦞 OpenClaw 2026.2.25 (4b5d4a4) — If something's on fire, I can't extinguish it—but I can write a beautiful postmortem.
04:08:11 [plugins] plugins.allow is empty; discovered non-bundled plugins may auto-load: kimi-claw (/home/axis/.openclaw/extensions/kimi-claw/dist/index.js). Set plugins.allow to explicit trusted ids.
gusty boltBOT
That line is a security warning, not a failure.
It’s telling you:
kimi-claw under ~/.openclaw/extensions/...plugins.allow is empty)You’ve got three reasonable options:
You don’t want kimi-claw at all → move/remove the folder, then restart the gateway.
(Removing it is the cleanest way to make the warning go away, because there are no longer any non-bundled plugins to discover.)
You do want kimi-claw, and you trust the machine → you can ignore the warning.
You want hardening → set an explicit allowlist. Start by listing what’s currently present:
openclaw plugins list
Then add an allowlist in ~/.openclaw/openclaw.json (or via openclaw config set ...) that includes the plugins you actually want. Example shape (from the config reference):
{
plugins: {
allow: ["memory-core", "device-pair", "phone-control", "talk-voice", "kimi-claw"],
},
}
Important: plugins.allow applies to bundled plugins too, so don’t set it to just ["kimi-claw"] unless you’re OK potentially disabling other built-in functionality.
Docs: