openclaw - ✅(Solved) Fix security: "full" + ask: "off" should bypass obfuscation detection [1 pull requests, 1 participants]

Q: Expected behavior

When `hostSecurity === "full"`, the obfuscation check should be skipped entirely. The operator has explicitly opted out of all approval gates.

openclaw2026-04-05 21:24:15

ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

GitHub issue URL

Helpful · Quick feedback

GitHub stats

openclaw/openclaw#61524•Fetched 2026-04-08 02:57:40

View on GitHub

Comments

Participants

Timeline

Reactions

Author

russellweiss

Participants

russellweiss

Timeline (top)

cross-referenced ×1referenced ×1

When exec-approvals.json has security: "full" and ask: "off", the obfuscation detector still forces approval prompts — making it impossible to fully disable approvals for trusted single-operator setups.

Root Cause

In src/agents/bash-tools.exec-host-gateway.ts (~line 126-133):

const requiresAsk =
    requiresExecApproval({ ask: hostAsk, security: hostSecurity, ... }) ||
    requiresHeredocApproval ||
    obfuscation.detected;  // <-- overrides security=full

obfuscation.detected is OR'd unconditionally, ignoring the operator's explicit security: "full" setting.

Additionally, the python-exec-encoded pattern (src/infra/exec-obfuscation-detect.ts line 83-86) has false positives — it matches sys.executable (substring exec) and systemctl (substring system).

Fix Action

Fixed

Fixed by PR: fix(exec): skip obfuscation approval check when security=full (https://github.com/openclaw/openclaw/pull/61634)

PR fix notes

PR #61634: fix(exec): skip obfuscation approval check when security=full

Repository: openclaw/openclaw
Author: EronFan
State: closed | merged: False
Link: https://github.com/openclaw/openclaw/pull/61634

Description (problem / solution / changelog)

Summary

Fixes #61524 - security: "full" + ask: "off" still triggers obfuscation approval prompt.

Problem

When (or equivalent config) has and , the obfuscation detector still forces approval prompts via unconditional OR of :

This makes it impossible to fully disable approvals for trusted single-operator setups.

Fix

Guard with in both files:

When , the operator has explicitly opted out of all approval gates — obfuscation checks are therefore also bypassed.

Testing

TypeScript compilation passes with no errors
Existing exec approval tests unaffected (fix is conditional on , which is not the default)

Changed files

src/agents/bash-tools.exec-host-gateway.ts (modified, +1/-1)
src/agents/bash-tools.exec-host-node.ts (modified, +1/-1)
src/cron/isolated-agent/delivery-target.ts (modified, +14/-1)
ui/src/styles/chat/grouped.css (modified, +1/-0)
ui/src/ui/chat/grouped-render.ts (modified, +7/-3)

Code Example

const requiresAsk =
    requiresExecApproval({ ask: hostAsk, security: hostSecurity, ... }) ||
    requiresHeredocApproval ||
    obfuscation.detected;  // <-- overrides security=full

---

const requiresAsk =
    requiresExecApproval({ ask: hostAsk, security: hostSecurity, ... }) ||
    (hostSecurity !== "full" && (requiresHeredocApproval || obfuscation.detected));

RAW_BUFFERClick to expand / collapse

Summary

Reproduction

Set exec-approvals.json defaults to { "security": "full", "ask": "off", "askFallback": "full" }
Also set tools.exec.security: "full" and tools.exec.ask: "off" in openclaw.json
Run any command containing python3 -c with words like sys.executable, or any SSH command calling systemctl
Approval prompt appears despite security=full + ask=off

Root cause

In src/agents/bash-tools.exec-host-gateway.ts (~line 126-133):

const requiresAsk =
    requiresExecApproval({ ask: hostAsk, security: hostSecurity, ... }) ||
    requiresHeredocApproval ||
    obfuscation.detected;  // <-- overrides security=full

obfuscation.detected is OR'd unconditionally, ignoring the operator's explicit security: "full" setting.

Expected behavior

When hostSecurity === "full", the obfuscation check should be skipped entirely. The operator has explicitly opted out of all approval gates.

Suggested fix

const requiresAsk =
    requiresExecApproval({ ask: hostAsk, security: hostSecurity, ... }) ||
    (hostSecurity !== "full" && (requiresHeredocApproval || obfuscation.detected));

Same change needed in bash-tools.exec-host-node.ts.

extent analysis

TL;DR

Modify the requiresAsk condition in bash-tools.exec-host-gateway.ts and bash-tools.exec-host-node.ts to skip obfuscation checks when hostSecurity is set to "full".

Guidance

Review the src/agents/bash-tools.exec-host-gateway.ts and bash-tools.exec-host-node.ts files to ensure the requiresAsk condition is correctly modified to respect the hostSecurity setting.
Verify that the obfuscation.detected check is only performed when hostSecurity is not set to "full".
Test the changes with the reproduction steps provided to confirm that approval prompts are no longer forced when security is set to "full" and ask is set to "off".
Consider refining the python-exec-encoded pattern in src/infra/exec-obfuscation-detect.ts to reduce false positives.

Example

The suggested fix provided in the issue can be applied as follows:

const requiresAsk =
    requiresExecApproval({ ask: hostAsk, security: hostSecurity, ... }) ||
    (hostSecurity !== "full" && (requiresHeredocApproval || obfuscation.detected));

This change ensures that the obfuscation check is skipped when hostSecurity is set to "full", allowing the operator to opt out of approval gates as expected.

Notes

The fix assumes that the hostSecurity setting is correctly propagated to the requiresAsk condition. Additional testing may be necessary to ensure that the fix works as expected in all scenarios.

Recommendation

Apply the suggested workaround by modifying the requiresAsk condition in bash-tools.exec-host-gateway.ts and bash-tools.exec-host-node.ts to skip obfuscation checks when hostSecurity is set to "full", as this will allow the operator to opt out of approval gates as expected.

Vote matrix · Quick signals

Works

Did the solution work? Tap to confirm.

Easy Fix

Was it a quick fix?

Time Saver

Did it save you time?

Blocking

Was it severely blocking?

Common Issue

Are others likely hitting this too?

Flaky / Intermittent

Is it intermittent?

Verified / Reproducible

Can you reproduce it reliably?

FAQ

Expected behavior

When hostSecurity === "full", the obfuscation check should be skipped entirely. The operator has explicitly opted out of all approval gates.

#docker error #permission error #memory optimization #batch processing #GPU compatibility

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

openclaw - ✅(Solved) Fix security: "full" + ask: "off" should bypass obfuscation detection [1 pull requests, 1 participants]

Recommended Tools

GitHub issue graph ai analysis

Root Cause

Fix Action

Fixed

PR fix notes

PR #61634: fix(exec): skip obfuscation approval check when security=full

Description (problem / solution / changelog)

Summary

Problem

Fix

Testing

Changed files

Code Example

Summary

Reproduction

Root cause

Expected behavior

Suggested fix

extent analysis

TL;DR

Guidance

Example

Notes

Recommendation

FAQ

Expected behavior

Still need to ship something?

RELATED_DISCOVERY

TRENDING