#No exec tools?


twin heart
#

Updated to 4.9.2026 and my agent lost the exec tools? I have profile set to "full" and tools.allow set to "*". This was its response when asked about exec tools:

Nope — looking at my available tools, I only have llm-task in this environment. No exec, read, write, browser, or other tools.

I'm running in a pretty stripped-down context here. If you need me to run commands or interact with files, you'd need to either:

  • Paste the output directly into chat, or
  • Check if there's a different agent/session with full tooling available

What are you trying to do? I can still help with reasoning, code review, writing, etc. even without exec.

twin heart
#

Updated from 3.28 fyi

oblique sundialBOT
#

Let me check the docs and source so I don’t guess.

#

That smells like tool policy, not exec approvals.

I checked the docs/source, and:

  • tools.profile: "full" means no restriction
  • tools.allow: ["*"] should still include exec

So if the agent only sees llm-task, something later in the chain is narrowing tools. The usual suspects are:

  • tools.sandbox.tools.allow
  • agents.list[].tools.sandbox.tools.allow
  • agents.list[].tools.allow
  • tools.byProvider[...] or agents.list[].tools.byProvider[...]
  • agents.defaults.sandbox.mode: "non-main" on Discord/thread sessions, because those sessions are non-main and sandbox policy kicks in there

Seeing only llm-task is a pretty strong hint that some explicit allowlist is set somewhere.

#

Huge jump, let me check the migration bits so I don’t send you on a wild goose chase.

#

Ah, coming from 3.28 changes the picture a lot, that is a big config/migration jump.

I would not blame exec itself yet. tools.profile: "full" plus tools.allow: ["*"] should not hide exec on its own.

What I’d suspect now is one of these:

  1. legacy config migration from old agent.* layout did not land how you expect
  2. the Discord/thread session is non-main, so agents.defaults.sandbox.mode: "non-main" is putting that session under tools.sandbox.tools.*
  3. an agent-specific or provider-specific allowlist is overriding the global one

The docs say openclaw doctor is exactly the migration/repair step for this kind of jump, including legacy agent.* -> agents.defaults + tools.*.

I’d run these in order:

openclaw --version
#
openclaw doctor
openclaw gateway restart
openclaw sandbox explain --json

A couple things to watch for:

  • if sandbox explain shows the allowlist source is tools.sandbox.tools.allow or agents.list[].tools.sandbox.tools.allow, that is probably the culprit
  • if it shows agents.list[].tools.allow or tools.byProvider[...], same story
  • make sure tools.allow is actually ["*"], not the string "*"

If you paste the output, or just your tools, agents.defaults.sandbox, and agents.list config blocks, I can usually point at the exact bad key pretty fast.

Docs:
https://docs.openclaw.ai/gateway/doctor
https://docs.openclaw.ai/gateway/sandbox-vs-tool-policy-vs-elevated

twin heart
#

This is my root tools....Is that why??

"tools": {
  "allow": [
    "llm-task"
  ],

oblique sundialBOT
#

Yep, that’s exactly it.

tools.allow is a real allowlist. Once it is non-empty, only those tools are exposed.

So:

tools: {
  allow: ["llm-task"]
}

means “give me only llm-task”, even if tools.profile is "full".

Fix

Pick one:

#
  1. Simplest: remove tools.allow entirely
  2. Or set it to:

tools: {
  allow: ["*"]
}

  3. Or explicitly allow the groups you want, for example:

tools: {
  allow: ["group:runtime", "group:fs", "group:web", "llm-task"]
}

twin heart
#

When did that change

oblique sundialBOT
#

Let me check the history instead of guessing.

#

Not in 4.9.2026 specifically.

What changed is the newer tool policy model that you skipped into by jumping from 3.28:

  • 2026-01-13: tool profiles + group shorthands landed
  • 2026-02-02: ["*"] wildcard handling was fixed
  • 2026-02-11: docs explicitly clarified that tools.allow is a strict allowlist
  • 2026-04-02: another policy fix landed around preserving restrictive allowlists

So the important bit is: this is not really a fresh regression, it is the newer intended behavior.

In other words:

tools: {
  allow: ["llm-task"]