Manage the Tool Allowlist to Prohibit High-Risk Tools
A tool allowlist is the core method to harden OpenClaw security. By limiting the system capabilities that an agent can invoke, it prevents high-risk operations (such as file deletion, arbitrary command execution, and permission modification) from being maliciously exploited or accidentally executed.
Tool Description
Tool Group |
Included Tool |
Risk Level |
|---|---|---|
group:runtime |
exec, bash, and process |
Critical |
group:fs |
read, write, edit, and apply_patch |
High |
group:web |
web_search and web_fetch |
Medium |
group:ui |
browser and canvas |
Medium |
group:sessions |
sessions_list, sessions_history, sessions_send, sessions_spawn, and session_status |
Low |
group:memory |
memory_search and memory_get |
Low |
Tool |
Risk Description |
Enforcement Level |
|---|---|---|
exec |
Executes arbitrary shell commands. It can lead to database deletion and system tampering. |
Mandatory |
process |
Manages background processes. It can terminate critical services. |
Mandatory |
write / edit / apply_patch |
Writes or modifies files. It can overwrite sensitive configurations. |
Strongly recommended |
browser |
It may access sensitive websites, scrape authenticated pages, or be manipulated by attackers into performing malicious operations. |
Recommended |
nodes |
Node scheduling, which is typically unused by default |
Recommended |
canvas |
Drawing function, which is rarely used. |
Recommended |
Procedure
- Method 1
- You can run commands to disable tools as required.
- Disabling all high-risk tools
- Minimum restriction
- Using preset profiles
Allows for quick configuration. Select a profile that matches your scenario.
openclaw config set tools.profile "minimal" openclaw config set tools.profile "messaging" openclaw config set tools.profile "coding"
Profile matrix:Profile
Included Tool
Application Scenario
minimal
Only session_status
Read-only chat scenarios (most secure)
messaging
Message tool group
Chatbots
coding
Grants development-related permissions: file system (group:fs, e.g., read/write), runtime (group:runtime, e.g., exec/process), sessions (group:sessions), network (group:web), memory (group:memory), and images (image).
Development/Coding
full
No permission restrictions
Local development, function testing, and scenarios requiring unrestricted AI capabilities
- Set security hardening baselines for fs and exec.
openclaw config set tools.fs.workspaceOnly true openclaw config set tools.exec.security "deny" openclaw config set tools.exec.ask "always"
- Restart the OpenClaw gateway.
openclaw gateway restart
- You can run commands to disable tools as required.
- Method 2
- Open the configuration file.
vim ~/.openclaw/openclaw.json
- Press i to enter the insert mode. Modify the file as follows. If the items do not exist, add them manually. The example below demonstrates disabling all high-risk tools. You can disable tools as required.
{ "tools": { "deny": [ "group:runtime", // Runtime tool group (exec, bash, and process) – Critical! "group:ui", // Disables UI interaction tools; this will affect TUI functionality. "group:fs", // Disables file system operations (read/write/delete, and directory traversal) "group:web", // Disables network tools (and their operations such as HTTP requests and web scraping) "nodes", // Disables node operations (related to node management tools) "canvas", // Disables canvas/drawing tools. "apply_patch" // Disables patching tools (to prohibit code modifications) ] } }Alternatively, you can implement granular restriction by explicitly listing the tools to be disabled. See the following example.
{ "tools": { "allow": [ "read", "web_search", "web_fetch", "sessions_list", "session_status", "memory_search", "memory_get" ], "deny": [ "exec", "process", "write", "edit", "apply_patch", "nodes", "canvas", "cron", "gateway" ] } }You can also use the preset profile. See the following example.
{
tools: {
profile: "messaging",
deny: ["group:automation", "group:runtime", "group:fs", "sessions_spawn", "sessions_send"],
fs: { workspaceOnly: true },
exec: { security: "deny", ask: "always" },
elevated: { enabled: false }
},
}
- Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
- Restart the OpenClaw gateway.
openclaw gateway restart
- Open the configuration file.