I want my openclaw bot to just be able to run commands without approvals. I trust it since it is using a really advanced model, one that can't be jailbroken.
#How to disable approvals?
dense coral
shy cometBOT
strong wyvernBOT
There isn’t a model that “can’t be jailbroken” in practice — prompt injection isn’t solved, and the scary part is it can come from content (web pages, pasted logs, attachments), not just “a bad person DM’ing you”. OpenClaw’s approvals exist specifically because of that. (Docs: https://docs.openclaw.ai/gateway/security#prompt-injection-what-it-is-why-it-matters)
That said, if what you mean is exec approvals (the prompts before exec / system.run on a real host), you can turn them off — just understand you’re removing the main hard guardrail.
Option A (recommended): no prompts, but still safe-ish
Set exec approvals to allowlist + ask off. Then it runs without prompting as long as the binary is allowlisted.
- Exec approvals live on the execution host in:
~/.openclaw/exec-approvals.json - Key knobs (from the docs):
securityandask
https://docs.openclaw.ai/tools/exec-approvals
You’d want something like:
security: "allowlist"ask: "off"
…and then add allowlist entries for the binaries you actually want.
CLI helpers to manage allowlists:
https://docs.openclaw.ai/cli/approvals
Option B (most dangerous): full trust (no approvals)
Set exec approvals to:
security: "full"(allows everything; equivalent to “no interlock”)
Same doc as above: https://docs.openclaw.ai/tools/exec-approvals
Option C (session-only): skip approvals temporarily
If enabled on your bot, you can do /elevated full for the session, which skips exec approvals:
https://docs.openclaw.ai/tools/elevated
Strong suggestion if you do this: only use it in a locked-down DM, and make sure your channel allowFrom / pairing is tight.
If you tell me your setup (gateway on VPS vs local, and whether you’re running system.run via a macOS node), I can point you at the exact place to change it (gateway host vs node host).
dense coral
https://docs.openclaw.ai/cli/approvals
### Option B (most dangerous): full trus...
I choose option b just tell me how to revert it later.
hello??
strong wyvernBOT
Yep — I’m here.
If you want zero exec approval prompts, you have two ways:
-
Session-only (fastest): run
/elevated full(if you’re allowlisted for elevated). This skips exec approvals for that session.
Docs: https://docs.openclaw.ai/tools/elevated -
Permanent (host-level, most dangerous): on the machine that’s actually executing commands (gateway host or node host), edit
~/.openclaw/exec-approvals.jsonand set:
defaults.security: "full"- (optionally)
defaults.ask: "off"
Docs: https://docs.openclaw.ai/tools/exec-approvals
If you tell me where you’re trying to run commands (gateway host vs macOS node via system.run), I’ll tell you exactly which host’s approvals file/UI you need to change.
dense coral
Yep — I’m here.
If you want **zero exec approval prompts**, you have two ways:
...
give me a command to enable zero approvals and one to disable it
strong wyvernBOT
Two different “toggles” you can use (pick the one you meant):
1) Per-session toggle (chat command)
This is the clean “on/off” switch:
- Enable zero approvals (for this session):
/elevated full - Disable it:
/elevated off
Docs: https://docs.openclaw.ai/tools/elevated
2) Persistent toggle (exec-approvals policy on the execution host)
This edits exec-approvals on the host (gateway or node). Dangerous if you set full.
Enable zero approvals (sets security=full, ask=off):
cat > /tmp/exec-approvals.json <<'JSON' && openclaw approvals set --file /tmp/exec-approvals.json
{
"version": 1,
"defaults": { "security": "full", "ask": "off", "askFallback": "full", "autoAllowSkills": true },
"agents": {}
}
JSON
Disable zero approvals (back to “approval/allowlist mode” defaults):
cat > /tmp/exec-approvals.json <<'JSON' && openclaw approvals set --file /tmp/exec-approvals.json
{
"version": 1,
"defaults": { "security": "allowlist", "ask": "on-miss", "askFallback": "deny", "autoAllowSkills": false },
"agents": {}
}
JSON
If you’re targeting a gateway or a node, add:
openclaw approvals set --gateway --file ...- or
openclaw approvals set --node <id|name|ip> --file ...
Docs: https://docs.openclaw.ai/tools/exec-approvals and https://docs.openclaw.ai/cli/approvals
(Also: no model is “unjailbreakable”; treat anything that reads the web/logs/files as a prompt-injection risk.)
dense coral
I did it now it says
{
"status": "error",
"tool": "exec",
"error": "exec denied: allowlist miss"
}
strong wyvernBOT
That error means your exec policy is currently security=allowlist, and the command you’re trying to run isn’t on the allowlist — so it gets blocked.
This usually happens in one of these situations:
A) You updated the wrong host’s approvals file
openclaw approvals set --file ... (no flags) edits the local machine. But your bot is executing on the gateway host (or a node).
Check what the gateway thinks:
openclaw approvals get --gateway
If you meant to make the gateway “no approvals”, set it on the gateway:
openclaw approvals set --gateway --file /tmp/exec-approvals.json
(Using the security:"full" file from earlier.)
B) You’re in allowlist mode with prompts effectively off
If you want no prompts but still allowlist security, you must add the binary path:
openclaw approvals allowlist add --gateway --agent main "/usr/bin/<the-command>"
On macOS Homebrew it’s often /opt/homebrew/bin/<cmd>.
C) You expected an approval prompt, but Discord exec-approvals isn’t enabled
If approvals are required but the UI can’t be shown, OpenClaw falls back to deny.
Enable Discord exec approvals + set approvers:
channels.discord.execApprovals.enabledchannels.discord.execApprovals.approvers
Docs: https://docs.openclaw.ai/channels/discord#exec-approvals-in-discord
If you paste:
- the exact command you tried to run, and
- whether your gateway is local or remote,
I can tell you the exact allowlist path / which--gatewayor--nodeflag you need.