Issue Station
Sign In
Tools hereToolbox

openclaw - 💡(How to fix) Fix Security: exec tool bypasses write deny in security executor agents [1 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#60694Fetched 2026-04-08 02:48:13
View on GitHub
Comments
0
Participants
1
Timeline
0
Reactions
0
Author
deciiadeciia
Participants
deciiadeciia

Fix Action

Fix / Workaround

A security executor agent is configured with:

{
  "tools": {
    "allow": ["read", "exec", "process"],
    "deny": ["write", "edit", "apply_patch", "browser", "gateway"]
  }
}

Code Example

{
  "tools": {
    "allow": ["read", "exec", "process"],
    "deny": ["write", "edit", "apply_patch", "browser", "gateway"]
  }
}

---

# This bypasses the write denial
echo "malicious content" > /path/to/file
# or
powershell -Command "Set-Content -Path file.txt -Value 'content'"
RAW_BUFFERClick to expand / collapse

Problem

When creating a security executor agent with a tool policy that denies write operations, the exec tool can still be used to write files, effectively bypassing the write denial.

Scenario

A security executor agent is configured with:

{
  "tools": {
    "allow": ["read", "exec", "process"],
    "deny": ["write", "edit", "apply_patch", "browser", "gateway"]
  }
}

Even though write and edit are explicitly denied, the agent can still write files using exec:

# This bypasses the write denial
echo "malicious content" > /path/to/file
# or
powershell -Command "Set-Content -Path file.txt -Value 'content'"

Expected Behavior

The write and edit tool denial should also block equivalent file-writing operations through exec, or there should be a mechanism to restrict exec from performing file write operations.

Environment

  • OpenClaw version: 2026.4.2
  • Platform: Windows_NT
  • Model: minimax-portal/MiniMax-M2.7

Possible Solutions

  1. Deny list for exec: Add an execDeny or execWriteDeny field to the tool policy to explicitly block file-writing commands in exec
  2. Content inspection: Inspect exec command content for file-writing patterns and block suspicious operations
  3. Documentation update: At minimum, document this limitation clearly so users understand that write denial does not cover exec-based writes
  4. Separate exec policy: Allow exec to have its own allow/deny rules independent of other tools

Additional Context

This is particularly concerning for security executor agents that are designed to be read-only but may inadvertently cause damage through exec bypass.

Thank you for considering this security concern.

extent analysis

TL;DR

Implementing an execDeny or execWriteDeny field in the tool policy to explicitly block file-writing commands in exec is likely the most effective fix to prevent bypassing write denials.

Guidance

  • Review the current tool policy configuration to understand which operations are allowed or denied, and consider the implications of exec bypassing these restrictions.
  • Evaluate the proposed solutions, such as adding an execDeny field, content inspection, or separate exec policy, to determine the best approach for your specific use case.
  • Consider the security implications of allowing exec to perform file write operations, even if write and edit are denied, and assess the potential risks to your system.
  • Test any implemented solution thoroughly to ensure it effectively prevents exec from bypassing write denials and to identify any potential edge cases or vulnerabilities.

Example

{
  "tools": {
    "allow": ["read", "exec", "process"],
    "deny": ["write", "edit", "apply_patch", "browser", "gateway"],
    "execDeny": ["echo * > *", "powershell -Command Set-Content"]
  }
}

This example illustrates how an execDeny field could be used to block specific file-writing commands in exec.

Notes

The effectiveness of the proposed solutions may depend on the specific requirements and constraints of your system, and may require additional testing and validation to ensure they do not introduce unintended consequences.

Recommendation

Apply a workaround, such as implementing an execDeny field, to prevent exec from bypassing write denials, as this approach can be implemented without requiring significant changes to the underlying system.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#pipeline error#runtime error#dependency conflict#environment setup#docker error

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING