Complete reference for openclaw approvals, viewing and replacing exec approval configurations, and managing per-agent allowlists across local, gateway, and remote node targets.
What are Exec Approvals?
Approvals are the permission layer that controls which host binaries a sandboxed agent is allowed to execute. The configuration lives in ~/openclaw/exec-approvals.json on each respective host, meaning the local machine, the Gateway host, or a remote node each maintain their own copy. The openclaw approvals command lets you inspect and overwrite that file, and manage its allowlist entries, without SSHing into anything or editing JSON by hand.
Picking the Right Target
Every subcommand supports three targeting modes via redirect flags: no flag runs against your local host, –gateway targets the Gateway host, and –node <id|name|ip> targets a specific remote node.
Before targeting a remote node, verify it advertises the system.execApprovals.get/set capability, use /acp doctor if you’re unsure. For allowlist edits, also check whether you need to scope the rule to a specific agent with –agent <id> or leave it at the default * (all agents).
Target Redirect Flags
All openclaw approvals subcommands accept the same three targeting modes. These flags are additive, omitting both runs the command locally.
| Local (default) no flag Runs against the local host where the CLI is executing. | Gateway –gateway Targets the Gateway host’s approval configuration. | Remote Node –node <id|name|ip> Targets a specific remote node. Accepts an ID, name, IP address, or ID prefix. |
Remote node targeting requires the node host to advertise the system.execApprovals.get/set capability. This is supported by the macOS companion app and the headless node host. Other node types may silently fail or return a capability error.
Subcommand Reference
Openclaw Approvals Get
Reads and displays the current exec approvals configuration from the target host. Use this before making changes to understand the current state.
shellall three targeting variants
# Local host openclaw approvals get # Gateway host openclaw approvals get --gateway # Specific remote node openclaw approvals get --node <id|name|ip>
Openclaw Approvals Set
Replaces the entire exec approvals configuration on the target host by loading a new JSON file. This is a full overwrite, not a merge. Always run approvals get first to snapshot the current config if you need a rollback point.
shellall three targeting variants
# Local host openclaw approvals set --file /exec-approvals.json # Gateway host openclaw approvals set --gateway --file /exec-approvals.json # Specific remote node openclaw approvals set --node <id|name|ip> --file /exec-approvals.json
The approvals file is stored locally on each respective host at ~/openclaw/exec-approvals.json. When targeting a remote node or the gateway, –file should be a path readable from your local machine, the CLI uploads the content to the target.
Openclaw Approvals Allowlist
Adds or removes command patterns to control which host binaries sandboxed agents are permitted to execute. Operates on the allowlist section of the approvals config directly, no JSON file required.
Add
The add examples were referenced in the source content but not included. Add your openclaw approvals allowlist add command examples here.
remove
The remove example was referenced in the source content but not included. Add your openclaw approvals allowlist remove command example here.
Important Notes
These behaviours aren’t obvious from the flag signatures alone, worth internalising before pushing approval changes to production nodes.
- Agent Scoping: When modifying allowlists, the –agent flag defaults to *, which applies the rule to all agents. To restrict a pattern to one specific agent, pass –agent <id> explicitly. This prevents an allowlist entry intended for one agent from inadvertently unlocking access for others.
- Node Capability Requirement: If you are targeting a remote node, the node host must advertise the system.execApprovals.get/set capability. This is supported by the macOS companion app and the headless node host. Nodes that don’t expose this capability will reject the command, run /acp doctor to check advertised capabilities before targeting.
- Storage Location: Approvals are stored locally on each respective host at ~/openclaw/exec-approvals.json. The local host, the Gateway host, and each remote node each maintain a completely independent copy. A set command targeting one host has no effect on the others.
