#Elevated Mode & Sandbox Config Keys β€” Valid in OpenClaw?

1 messages Β· Page 1 of 1 (latest)

full frigate
#

I've seen a recommendation to add elevated_mode: true and sandbox: false to openclaw.json to allow the gateway to manage itself properly β€” kill hung processes, restart services, bind to ports. Are these valid config keys in OpenClaw 2026.4.21? If so, what do they actually do and is it safe to set them on a local WSL2 install?

charred breachBOT
#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> βœ… Mark Solution

versed remnantBOT
#

Assuming openclaw --version really says 2026.4.21, no, not as written.

These are not the supported config keys:

  • elevated_mode: true
  • sandbox: false

The real 2026.4.x knobs are:

  • agents.defaults.sandbox.mode: "off" | "non-main" | "all"
  • tools.elevated.enabled: true
  • tools.elevated.allowFrom.<channel>: [...]
  • optionally agents.defaults.elevatedDefault: "off" | "on" | "ask" | "full"

Important bit: elevated only matters when the session is sandboxed. It is an exec-only escape hatch out of the sandbox. It does not give the gateway root/admin powers, and it does not magically let it restart services or bind privileged ports.

So on a local WSL2 install:

  • sandbox.mode: "off" is basically the normal host-first behavior already.
#
  • tools.elevated is only useful if you intentionally enable sandboxing and want a break-glass host exec path.
  • Restarting services, killing other users' processes, or binding ports like <1024 still depends on the actual WSL/Linux user permissions (and for service management, usually whether systemd is enabled in WSL).

So my recommendation is:

  • Personal local WSL2 install: leaving sandbox off is fine if only trusted chats can reach runtime/file tools.
  • Do not enable broad tools.elevated access in shared/group contexts.
  • If you want isolation, use agents.defaults.sandbox.mode, not sandbox: false.

Docs:

If you want, paste your openclaw.json snippet plus openclaw sandbox explain, and I can sanity-check the exact safe config.