OpenClaw Exec Policy Auditor
Build and audit your OpenClaw execution approval policies interactively. Configure per-channel approval modes, define shell command allow/block lists, set sandbox rules, and export a ready-to-use YAML config — based on 7 security PRs merged on March 30, 2026.
What the Auditor Checks
Based on security hardening merged into OpenClaw on March 30, 2026.
Shell Carrier Blocking
Audit your exec approval targets against the new shell carrier blocklist from PR #57871 — preventing bash, sh, and cmd from bypassing approval guardrails.
Unified Channel Approvals
Configure approval modes (auto-approve, require-approval, block) per channel — Discord, Telegram, Slack, Matrix, Voice — based on the unified approval refactor in PR #57838.
Shell-Side Guardrails
Validate that your exec policy enforces the hardened shell-side approval guardrails introduced in PR #57839 — no more unreviewed shell execution.
Network Request Guards
Check that marketplace and Ollama network requests are properly guarded with the protections from PR #57850 — blocking unauthorized outbound calls.
Env Sanitization Rules
Verify sandbox SSH subprocess env sanitization (PR #57848) and compiler env override blocking (PR #57832) are correctly configured.
Config Interpolation Safety
Ensure config files are opened without shell interpolation as required by PR #57921 — preventing variable expansion attacks in gateway configs.
Build Your Exec Policy
Select your channels, configure approval modes, define allowed commands, and generate a secure YAML config.
Quick Start Presets
Load a preset to get started, then customize to match your setup.
Channel Approval Modes
Configure how each channel handles exec approval — unified per PR #57838.
Command Allow / Block Lists
Define which commands are auto-approved and which are always blocked — per PRs #57839 and #57871.
Allowlist (auto-approved)
Blocklist (always denied)
Sandbox & Environment Rules
Configure sandbox isolation and environment sanitization settings.
No Policy
Enable channels to start your audit
0
Critical
0
Warnings
1
Info
Audit Findings (1)
No channels are enabled. Enable at least one channel to generate a meaningful policy.
Fix: Toggle on the channels your OpenClaw instance uses.
Deploy OpenClaw with DeployClaw
Get built-in exec policy enforcement, sandbox isolation, and security hardening out of the box.
Frequently Asked Questions
What are exec approval policies in OpenClaw?
Exec approval policies control which commands an OpenClaw agent can run and whether they need human approval first. Since PR #57838 (merged March 30, 2026), approvals are unified across all channels — Discord, Telegram, Slack, Matrix, and Voice — with consistent guardrails and routing logic.
What are shell carrier targets and why are they blocked?
Shell carriers are executables like bash, sh, cmd, and powershell that can execute arbitrary commands. PR #57871 blocks these as exec approval targets because an agent could use them to bypass command-level approval — running 'bash -c "rm -rf /"' instead of 'rm -rf /' directly. The auditor flags any allowed commands that are shell carriers.
How do per-channel approval modes work?
Each channel (Discord, Telegram, Slack, Matrix, Voice) can have its own approval mode: 'auto-approve' executes commands without human review, 'require-approval' pauses for human confirmation, and 'block' prevents execution entirely. The unified refactor in PR #57838 ensures these modes are enforced consistently regardless of which channel the request originates from.
What env variables does the sandbox sanitizer remove?
Based on PR #57848, the sandbox sanitizer removes SSH-related env vars (SSH_AUTH_SOCK, SSH_AGENT_PID) from subprocess environments to prevent credential leakage. PR #57832 additionally blocks compiler env overrides (CC, CXX, CFLAGS, LDFLAGS) that could inject malicious compilation flags in macOS environments.
Is my policy configuration sent to any server?
No. The entire auditor runs client-side in your browser. Your policy configuration never leaves your machine — there are no network requests, no server-side processing, and no data storage. The generated YAML config is assembled locally and copied to your clipboard.
Can I import an existing policy YAML?
Not yet — this tool is designed for building new policies from scratch and auditing them against the latest OpenClaw security rules. You can use the generated YAML as a starting point and customize it further in your OpenClaw configuration.