openclaw - 💡(How to fix) Fix [Bug] exec.security='full' completely broken in 2026.3.31 — exec approvals cannot be disabled at all [3 comments, 4 participants]

GitHub stats
openclaw/openclaw#59079 · Fetched 2026-04-08 02:28:57
Comments: 3 · Participants: 4 · Timeline: 8 · Reactions: 4
Timeline (top): commented ×3, cross-referenced ×2, closed ×1, locked ×1


Bug Description

STOP SHIPPING BROKEN SECURITY FEATURES.

In OpenClaw 2026.3.31, setting exec.security: 'full' in ~/.openclaw/exec-approvals.json DOES NOT WORK. The approval system continues to enforce allowlist for EVERY SINGLE command, completely bypassing the documented behavior.

This is not a minor issue — it's a complete failure of the security configuration system. Users have NO WAY to disable exec approvals without manually allowlisting 70+ binary paths, and even that doesn't fully work because any new command format still fails.

Steps to Reproduce

  1. Install OpenClaw 2026.3.31
  2. Set exec.security: 'full' and exec.ask: 'off' in ~/.openclaw/exec-approvals.json
  3. Try running ANY command not in the allowlist
  4. Result: exec denied: allowlist miss even with security set to full

Expected Behavior

According to the docs:

  • security: 'full' should "allow everything (equivalent to elevated)"
  • ask: 'off' should "never prompt"

Reality: Neither works. Every command requires explicit allowlist entry.

Impact

  • Every new command format requires user approval
  • Allowlisting individual paths is a nightmare — 70+ entries and still failing
  • The allow-always flag via /approve command only works per-command, not globally
  • This makes the agent nearly unusable for automation workflows
  • Known issue #49266 was supposedly fixed but the problem persists in 2026.3.31

Workaround

None that are practical. Manually adding 70+ binary paths to allowlist is not a solution — it's a band-aid on an arterial wound.

The only workable solution is to downgrade to 2026.3.28, which does not have this problem.

Environment

  • OpenClaw version: 2026.3.31
  • macOS: Darwin 25.3.0
  • Node: v22.22.0
  • Deployment: local gateway

Configuration Used

{
  "version": 1,
  "defaults": {
    "security": "full",
    "ask": "off",
    "askFallback": "full",
    "autoAllowSkills": true
  },
  "agents": {
    "main": {
      "security": "full",
      "ask": "off"
    }
  }
}

Suggested Fix

  1. Make security: 'full' actually allow all exec without allowlist
  2. Or if there's a technical reason it can't work, at least give users a clear exec.security: 'disabled' option
  3. Document the actual behavior, don't advertise 'full' if it doesn't work

Related Issues

  • #49266 (reported similar behavior, supposedly fixed)

extent analysis

TL;DR

Downgrade to OpenClaw version 2026.3.28 as a temporary workaround to resolve the security configuration issue.

Guidance

  • Verify that the issue persists by attempting to run a command not in the allowlist with exec.security set to 'full' and checking for the exec denied: allowlist miss error.
  • Consider manually adding binary paths to the allowlist as a temporary, though impractical, solution.
  • Review the documentation for exec.security and exec.ask to understand the expected behavior and identify any potential discrepancies.
  • Monitor the status of related issue #49266 for any updates or fixes.
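
One way to carry out the verification step above, and to see which agents an exec-approvals.json leaves with approvals switched off (added example, not OpenClaw code and not part of the original issue). The function names, the log-line layout and the rule that per-agent keys override defaults are assumptions; only the JSON and the error string come from the issue.

```javascript
// Added example. Function names and the log-line layout are hypothetical;
// only the JSON config and the error string come from the issue.
const DENIAL = "exec denied: allowlist miss";

// Assumption: per-agent keys override "defaults" (merge order is not stated on the page).
function effectivePolicy(config, agent) {
  const overrides = (config.agents || {})[agent] || {};
  return { ...(config.defaults || {}), ...overrides };
}

// Agents whose effective policy disables approvals entirely (full + off).
function agentsWithApprovalsOff(config) {
  return Object.keys(config.agents || {}).filter((a) => {
    const p = effectivePolicy(config, a);
    return p.security === "full" && p.ask === "off";
  });
}

// Denials that contradict the config: an allowlist miss logged for an
// agent whose effective policy is full/off. Other denials are expected.
function findContradictions(config, logLines) {
  const open = new Set(agentsWithApprovalsOff(config));
  const hits = [];
  for (const line of logLines) {
    const m = /^agent=(\S+) cmd="([^"]*)" (.*)$/.exec(line);
    if (m && m[3].includes(DENIAL) && open.has(m[1])) {
      hits.push({ agent: m[1], cmd: m[2] });
    }
  }
  return hits;
}

// Configuration as posted in the issue.
const postedConfig = {
  version: 1,
  defaults: { security: "full", ask: "off", askFallback: "full", autoAllowSkills: true },
  agents: { main: { security: "full", ask: "off" } },
};

// Constructed sample lines (not real OpenClaw output).
const sampleLog = [
  'agent=main cmd="/usr/bin/jq ." exec denied: allowlist miss',
  'agent=main cmd="/bin/ls -la" exec ok',
];

console.log(agentsWithApprovalsOff(postedConfig));
console.log(findContradictions(postedConfig, sampleLog));
```

The first list doubles as an audit: every agent it names runs commands with no allowlist and no prompt once the setting is honoured.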

Example

No code snippet is provided as the issue is related to configuration and versioning rather than code implementation.

Notes

The provided configuration and version information suggest that the issue is specific to OpenClaw version 2026.3.31. Downgrading to version 2026.3.28 may resolve the issue, but it is essential to be aware of any potential security implications or other changes introduced in the newer version.

Recommendation

Apply the workaround by downgrading to OpenClaw version 2026.3.28, as it is the only known solution that resolves the security configuration issue without requiring impractical manual allowlisting of binary paths.
