#node

Those “security / ask” knobs don’t cover all the ways OpenClaw can require approval. There are two different things people usually mean by “node access”:

1) Device pairing approval (nodes / Control UI)

If the message is like disconnected (1008): pairing required (or “pairing required”), that’s device pairing, not exec security.

That happens any time you connect from a new device/browser profile (or you cleared browser storage), and it requires a one-time approval:

openclaw devices list
openclaw devices approve <requestId>

Docs: https://docs.openclaw.ai/web/control-ui (see “Device pairing”)

2) Exec approvals on the node (system.run prompts)

If the message is like SYSTEM_RUN_DENIED: approval required or it’s prompting you to approve a command, that’s Exec approvals.

Key detail: exec approvals are enforced locally on the execution host (the node), via ~/.openclaw/exec-approvals.json, and the effective policy is the stricter of:

• what you set via /exec … ask=… security=… (session/tool policy), and
• what the node approvals file says

So even if you set “ask off”, the node may still be set to ask=on-miss / security=allowlist, which will keep prompting.

To inspect it:

openclaw approvals get --node <id|name|ip>

Docs: https://docs.openclaw.ai/tools/exec-approvals

If you paste the exact prompt text you’re seeing (pairing required vs system.run denied), I can tell you which path you’re on. Also: what does openclaw --version say?

zsh: parse error near `\n'

That zsh: parse error near '\n' is a shell syntax thing — it almost always means you pasted something with an unclosed quote / bracket, and hit Enter on a newline.

Common ways this happens in this exact context:

• You started a quote and didn’t close it, e.g.

  openclaw approvals allowlist add "~/Projects/**/bin/rg
  # missing closing "
  

• You pasted a multi-line JSON snippet into the terminal (JSON5 blocks with { … } aren’t shell commands).

For the stuff I mentioned, these should be single-line commands like:

openclaw approvals get --node <id|name|ip>
openclaw approvals allowlist add --node <id|name|ip> "/usr/bin/uname"

# (quote anything with * or ** so zsh doesn’t glob it)

Can you paste the exact command you ran (remove/redact any tokens/IDs)? I’ll point out the exact character that’s breaking zsh. Also, what does openclaw --version say?

zsh: parse error near `\n'

2026.3.2

That specific error is almost certainly because you literally pasted the docs placeholder with angle brackets.

In zsh, < is input redirection, so something like this will blow up with exactly parse error near '\n':

openclaw approvals get --node <id|name|ip>
#                       ^ you can’t type the <...> part

Do this instead:

1. List your nodes to get a real id/name:

openclaw nodes list

2. Then plug in an actual value (no < >):

openclaw approvals get --node macbook-pro
# or
openclaw approvals get --node 9f3a2c1b

Same deal for openclaw nodes approve <requestId> etc — replace <requestId> with the real one.

If you paste what openclaw nodes list shows (you can redact anything sensitive), I can tell you the exact command to run next to stop the node approval prompts.

Good — 2026.3.2 is recent enough that the docs match what you’re seeing.

If you’re still getting “node access” prompts with “security off / ask off”, it’s usually because those settings were applied in one place, but the node host exec approvals are still stricter.

In 2026.3.x there are 3 layers that can trigger a prompt:

1. Session override (what you set in chat with /exec … ask=… security=…)
2. Gateway config (tools.exec.*)
3. Node host approvals (~/.openclaw/exec-approvals.json on the node) ← this one often still says ask=on-miss or ask=always

The effective behavior is the stricter one, so the node can keep prompting even if the session is set to “ask off”.

Quick way to pinpoint it

Run these and paste the output (no secrets in there):

openclaw nodes list
openclaw approvals get --node <your-node-id-or-name>   # IMPORTANT: replace the <...>, don’t type angle brackets

Also, in the Discord chat, send:

/exec

(that prints what the session thinks the exec policy is)

If it turns out the node approvals are the culprit

You’ll need to change the node’s exec approvals (macOS app Settings → Exec approvals, or via the CLI/Control UI). Docs: https://docs.openclaw.ai/tools/exec-approvals

Paste those outputs and I’ll tell you exactly which knob is still forcing the prompt.

i got Pending: 0 · Paired: 0 for openclaw nodels list

If openclaw nodes list shows Pending: 0 · Paired: 0, then you currently have no node available — so any time OpenClaw tries to do something that requires a node (screen/camera or exec host=node), it’ll keep prompting for “node access” because there’s nothing paired yet.

Two concrete paths:

A) You don’t actually want to use a node (just stop the prompts)

Make sure you’re not targeting host=node:

• In Discord, run:

  /exec host=gateway ask=off security=full
  

  (or host=sandbox if you want it to stay in the sandbox)

That prevents it from trying to hop to a node at all.

B) You do want node exec (pair one once)

1. Start a node (macOS app in node mode, or on the machine you want as the node host):

   openclaw node run --host <your-gateway-host> --port 18789 --display-name "My Mac"

2. Then approve the pairing request on the gateway:

   openclaw devices list
   openclaw devices approve <requestId>
   

Docs: https://docs.openclaw.ai/nodes (see “Pairing + status”)

If you tell me what you’re trying to do when it asks (run shell commands? screenshot? something else) I can point you to the right option.

it needed to set up a cron on my mac

Yeah, that explains it.

OpenClaw cron runs inside the Gateway. So if you told the bot “set up a cron on my Mac” while you’re chatting from somewhere else, the only way it can touch the Mac is via a paired Mac node → hence the “need node access” prompts.

You’ve basically got 2 options:

Option 1: Run the cron on the Mac (simplest)

If your Gateway is running on the Mac, just create the job normally (no node needed):

openclaw cron add ...

Option 2: Gateway is remote, but you want the cron to run commands on the Mac

Then you must pair the Mac as a node (one-time), because that’s the execution host:

1. On the Mac (node machine), connect it to your gateway:

openclaw node run --host <gateway-host> --port 18789 --display-name "My Mac"

2. On the gateway, approve it:

openclaw devices list
openclaw devices approve <requestId>

After that, cron jobs running on the gateway can call system.run on the Mac (subject to exec approvals/allowlist).

Docs: https://docs.openclaw.ai/nodes and https://docs.openclaw.ai/automation/cron-jobs

If you tell me where your Gateway is running (Mac vs VPS) + what the cron should do, I can point you at the exact setup (and how to avoid repeated prompts once the node is paired).

the gateway is running on my mac

If the Gateway is running on your Mac, then cron is already “on your Mac” — you do not need a node at all for cron jobs.

So if you’re still seeing “needs node access”, it usually means one of these is happening:

1. The assistant is trying to run a shell command for you (via exec / system.run) to create the cron, and that is triggering exec approvals (sometimes people describe this as “node access”, but it’s really “host exec approval”).
2. Your session is set to exec host=node (even though you don’t have any nodes paired).

Quick checks

In Discord, run:

/exec

Make sure it’s not set to host=node. If it is, switch it:

/exec host=gateway ask=off security=full

(or keep security=allowlist if you want it safer).

Then, to see what the Mac itself will enforce, run on the Mac:

openclaw approvals get --gateway
# (or just: openclaw approvals get)

Easiest workaround (no exec needed)

Just create the cron directly (no node, no exec approvals prompts):

openclaw cron add ...

(or use the Control UI Cron tab)

If you paste the exact text of the “node access” prompt you’re seeing, I can tell you which of the two cases it is and what to flip.

im not on discord

Got it — then ignore the /exec … bit (that’s a chat slash-command, mainly useful on Discord/Slack/Telegram).

Since your Gateway is running on the Mac, you can set up cron entirely from the Mac terminal (no node needed):

openclaw cron add ...
openclaw cron list

So if you’re still getting “node access required”, it’s usually because your setup is configured to try running commands via a node exec host (even though you don’t have any nodes), or you’re hitting exec approvals (host exec interlock), not cron itself.

Check what exec host you configured (on the Mac)

openclaw config get tools.exec.host
openclaw config get tools.exec.node

If tools.exec.host is node, switch it back to local:

openclaw config set tools.exec.host gateway
openclaw config unset tools.exec.node
openclaw gateway restart

If the prompt is actually “exec approval required”

Inspect the Mac’s approvals policy:

openclaw approvals get --gateway

…and adjust it in the Control UI (Exec approvals panel) or via the approvals file (docs: https://docs.openclaw.ai/tools/exec-approvals).

If you paste the exact “node access” message you’re seeing (just the text), I can tell you which bucket it falls into and the exact fix.

there isnt a command to just allow it all?

There isn’t a single “openclaw approvals allow-all” CLI switch — it’s intentionally a bit friction-y because it’s basically “let the agent run arbitrary commands on your Mac”.

That said, you can “allow it all” in two ways:

1) One-off / per-session (no prompts)

In whatever chat UI you’re using, set exec to full:

• /exec host=gateway security=full ask=off

or even simpler (also skips approvals):

• /elevated full

(Those are session overrides; they don’t write config.)

2) Permanently “allow all” on the Mac (gateway host)

You need to set the exec approvals defaults on the Mac to full + off.

Fast path is the Control UI → Exec approvals panel.

CLI path is file-based:

openclaw approvals get --gateway > /tmp/exec-approvals.json
# edit /tmp/exec-approvals.json: set defaults.security="full", defaults.ask="off"
openclaw approvals set --gateway --file /tmp/exec-approvals.json

If you also want the tool defaults to match (so it stops trying to do allowlist mode):

openclaw config set tools.exec.host gateway
openclaw config set tools.exec.security full
openclaw config set tools.exec.ask off

openclaw gateway restart

Security note: security=full + ask=off means any prompt injection in any chat can potentially turn into arbitrary command execution. If this Mac is your daily driver, I’d strongly recommend security=allowlist + ask=on-miss instead.

what does ask on miss do

ask=on-miss means:

• If the command’s executable matches your exec allowlist → it runs without prompting.
• If it doesn’t match the allowlist (“miss”) → OpenClaw prompts you to approve/deny (and you can usually choose “allow once” vs “always allow”, depending on the UI).

So it’s the “least annoying safe default”: you only get interrupted when the agent tries to run something new/untrusted.

Related knobs (for comparison):

• ask=off: never prompt (so in security=allowlist mode, an allowlist miss is just denied)
• ask=always: prompt every time, even for allowlisted commands

Docs: https://docs.openclaw.ai/tools/exec-approvals#ask-execask

okay lets set up the ask on miss then

Cool — for “ask on miss” you want security=allowlist + ask=on-miss, and you need to allowlist the binary you expect it to run (otherwise everything is a “miss” and it will keep prompting).

1) Set the exec defaults (tool policy)

On your Mac (gateway host):

openclaw config set tools.exec.host gateway
openclaw config set tools.exec.security allowlist
openclaw config set tools.exec.ask on-miss
openclaw gateway restart

2) Allowlist openclaw itself (so cron setup won’t prompt)

openclaw approvals allowlist add --gateway --agent "*" "$(command -v openclaw)"

That means: any openclaw … command is an allowlist hit, so with ask=on-miss it should run without asking.

3) Verify

openclaw approvals get --gateway

If you still get prompted after that, paste the exact prompt text — it’ll usually mean exec approvals defaults on the Mac are still set to ask=always (which overrides), and we’ll flip that via the Control UI Exec approvals panel or by editing the approvals JSON.

I dont understand am i geting to get prompted to approve or no?