How to Set Up Exec Approvals in OpenClaw: Control Which Commands Your Agent Can Run
One of the most common questions in the OpenClaw Discord is: "How do I make my agent ask for permission before running certain commands?" This guide walks you through exec approvals—OpenClaw's system for controlling shell command execution.
Understanding the Exec Approvals Model
First, a key clarification: exec approvals are not configured in openclaw.json. They're handled through a separate approvals system that lives alongside your main config.
The mental model is simple:
- Allowlist = commands that run WITHOUT prompting
- Everything else = requires approval (when configured correctly)
There's no separate "commands that need approval" list. If a command isn't on the allowlist and you have ask: "on-miss" set, it will trigger an approval prompt.
Step 1: Configure Your Approval Settings
Set up exec approvals with these three key settings:
security: "allowlist" # Only allow allowlisted binaries
ask: "on-miss" # Prompt when a command isn't allowlisted
askFallback: "deny" # If no UI available, deny (recommended)
You can configure this via:
- Control UI: Go to Nodes → Exec approvals → pick Gateway or a Node
- CLI: Use the
openclaw approvalscommands (see below)
Step 2: Add Commands to the Allowlist (No-Prompt Commands)
To let certain commands run without approval, add them to the allowlist:
# For gateway host approvals
openclaw approvals allowlist add --gateway --agent main "/usr/bin/uptime"
openclaw approvals allowlist add --gateway --agent main "/opt/homebrew/bin/rg"
# For node host approvals (macOS app / headless node)
openclaw approvals allowlist add --node <id|name|ip> --agent main "/opt/homebrew/bin/rg"To inspect your current allowlist:
openclaw approvals get --gateway
openclaw approvals get --node <id|name|ip>Important Gotcha: Use Resolved Binary Paths
Allowlist entries must match the resolved binary path, not just the command name.
❌ uptime
✅ /usr/bin/uptime
If you're unsure of the full path, use which or type:
which uptime
# /usr/bin/uptimeStep 3: Handling Approval Prompts
When the agent tries to run a non-allowlisted command, you'll get a prompt in the Control UI with two options:
- Allow once — runs now, doesn't add to allowlist
- Always allow — adds to allowlist + runs
This is the "approve as you go" workflow that many users prefer.
Alternative: Require Approval for EVERY Command
If you want maximum control and want to approve even allowlisted commands:
ask: "always"
This prompts for every single exec call, regardless of allowlist status.
Sandbox Considerations
Here's a subtle but important point: exec approvals only apply when running on gateway or node hosts.
If sandboxing is disabled, host=sandbox may run directly on the gateway host without prompting. To force approvals:
- Use
host=gatewayorhost=nodeexplicitly in your exec calls - Or enable sandboxing so sandbox requests actually run in isolation
You can set per-session exec defaults in chat:
/exec host=gateway security=allowlist ask=on-miss
Quick Reference
| Setting | Value | Effect |
|---|---|---|
security | "allowlist" | Only allowlisted commands run |
ask | "on-miss" | Prompt for non-allowlisted commands |
ask | "always" | Prompt for ALL commands |
askFallback | "deny" | Deny if no UI to show prompt |
Documentation Links
This article was synthesized from a helpful Discord discussion. Thanks to the community for the great Q&A!
Comments (0)
No comments yet. Be the first to comment!