OpenClaw 2026.3.31 Exec Approval Errors: The Complete Fix Guide
Table of Contents
- [What Happened](#what-happened)
- [Why Single-Layer Fixes Don’t Work](#why-single-layer-fixes-dont-work)
- [The Dual-Layer Security Architecture](#the-dual-layer-security-architecture)
- [Step-by-Step Fix](#step-by-step-fix)
- [Restart and Verify](#restart-and-verify)
- [Security Warnings](#security-warnings)
- [Troubleshooting](#troubleshooting)
What Happened
OpenClaw 2026.3.31 introduced strengthened security policies for the exec tool. If you’ve upgraded recently, you likely started seeing annoying “exec approval required” errors—or worse, complete command execution failures.
You probably tried the obvious fix: setting `tools.exec.security` to `"full"` in your `openclaw.json`. But commands still got blocked.
You’re not alone. This is one of the most discussed issues in the OpenClaw community right now.
Why Single-Layer Fixes Don’t Work
Here’s the thing most users miss: OpenClaw uses a dual-layer security architecture.
Most tutorials only cover the Agent-side configuration. But that’s only half the picture.
```
┌─────────────────────────────────────────────────────────┐
│                      YOUR REQUEST                       │
└─────────────────────────────────────────────────────────┘
                             │
                             ▼
                ┌────────────────────────┐
                │   Agent-Side Policy    │
                │    (openclaw.json)     │
                │ "What can this agent   │
                │  theoretically do?"    │
                └────────────────────────┘
                             │
                             ▼
                ┌────────────────────────┐
                │    Host-Side Policy    │
                │ (exec-approvals.json)  │
                │  "What is actually     │
                │   allowed to run?"     │
                └────────────────────────┘
                             │
                             ▼
┌─────────────────────────────────────────────────────────┐
│         COMMAND EXECUTES   OR   COMMAND BLOCKED         │
└─────────────────────────────────────────────────────────┘
```
Both layers must align before exec commands can run unrestricted.
The Dual-Layer Security Architecture
Layer 1: Agent-Side Policy
File: `~/.openclaw/openclaw.json`
This controls what your Agent can *request*. Think of it as a permission slip your agent carries.
Layer 2: Host-Side Policy
File: `~/.openclaw/exec-approvals.json`
This is the actual gatekeeper. Even if your agent has permission to request anything, the host-side policy is the final arbiter of what actually executes.
Critical insight: The host-side policy acts as an *upper bound*. If host-side is more restrictive than agent-side, the host-side wins.
Step-by-Step Fix
Step 1: Fix Agent-Side Policy
Edit `~/.openclaw/openclaw.json`:
```json
{
  "tools": {
    "exec": {
      "security": "full",
      "ask": "off"
    }
  }
}
```
> Pro tip: If your config already has other `tools` sub-items (like `profile`), merge this new `exec` block with existing content. Use JSON5 format (supports comments) for clarity.
Step 2: Fix Host-Side Policy
Create or edit `~/.openclaw/exec-approvals.json`:
```json
{
  "version": 1,
  "defaults": {
    "security": "full",
    "ask": "off"
  },
  "agents": {
    // Optional: Fine-tune per-agent for production environments
    // "your-agent-name": {
    //   "security": "full",
    //   "ask": "off"
    // }
  }
}
```
Key settings explained:
| Setting | Value | Meaning |
|---------|-------|---------|
| `security` | `"full"` | Allow all commands |
| `ask` | `"off"` | No human approval needed |
| `defaults` | object | Applies to all unspecified agents |
Restart and Verify
After modifying both files, you must restart the Gateway—config changes don’t take effect until restart.
```bash
openclaw gateway restart
```
Check status:
```bash
openclaw gateway status
```
What Should Work Now
- Cron scheduled tasks
- Heartbeat agents
- Any automation script requiring shell execution
- Simple commands like `ls`, `echo`, git operations
Security Warnings
⚠️ Setting `"security": "full"` and `"ask": "off"` significantly elevates permissions.
Only use this configuration if:
- You’re on a trusted local/private machine
- Your machine has proper firewall protection
- You’re in a controlled development environment
Not recommended for:
- Shared servers
- Production systems with untrusted access
- Machines exposed to the internet without protection
Always back up before upgrading:
```bash
cp -r ~/.openclaw ~/.openclaw.backup-$(date +%Y%m%d)
```
Troubleshooting
Still failing? Check these in order:
1. JSON syntax — Both config files must be valid JSON. Use a JSON validator.
2. Gateway restart — Did the restart actually complete? Check with `openclaw gateway status`.
3. Gateway logs — Get detailed error info:
```bash
openclaw gateway logs
```
4. Run diagnostics:
```bash
openclaw doctor
```
5. File paths — Default location is `~/.openclaw/` (Linux/macOS). Windows paths differ—check official docs.
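An added check script, not part of the original article or of OpenClaw itself: it parses the contents of both config files, tolerating the `//` comments used in the sample above, and reports where the two layers disagree or where both are fully open. The agent name `main`, the field-level fallback from a per-agent entry to `defaults`, and the finding strings are assumptions made for this example.

```python
import json

def strip_line_comments(text):
    """Remove // comments outside string literals so json.loads accepts the file."""
    out, in_str, i = [], False, 0
    while i < len(text):
        c = text[i]
        if not in_str and text.startswith("//", i):
            while i < len(text) and text[i] != "\n":
                i += 1           # skip to end of line, keep the newline
            continue
        out.append(c)
        if in_str and c == "\\" and i + 1 < len(text):
            i += 1
            out.append(text[i])  # copy the escaped character verbatim
        elif c == '"':
            in_str = not in_str
        i += 1
    return "".join(out)

def host_policy(host_cfg, agent):
    """`defaults` overlaid with the agent's own entry (field-level fallback is assumed)."""
    merged = dict(host_cfg.get("defaults", {}))
    merged.update(host_cfg.get("agents", {}).get(agent, {}))
    return merged

def audit(agent_text, host_text, agent="main"):  # "main" is a hypothetical agent name
    """Compare tools.exec on the agent side with the host-side policy for one agent."""
    agent_exec = json.loads(strip_line_comments(agent_text)).get("tools", {}).get("exec", {})
    host = host_policy(json.loads(strip_line_comments(host_text)), agent)
    findings = [f"mismatch:{k}:agent={agent_exec.get(k)}:host={host.get(k)}"
                for k in ("security", "ask") if agent_exec.get(k) != host.get(k)]
    if not findings and (host.get("security"), host.get("ask")) == ("full", "off"):
        findings.append("open:both layers allow all commands without approval")
    return findings

# Constructed inputs (not taken from a real install).
AGENT = '{"tools": {"exec": {"security": "full", "ask": "off"}}}'
HOST_FIXED = """{
  "version": 1,
  "defaults": {"security": "full", "ask": "off"},
  "agents": {
    // "your-agent-name": {"security": "full", "ask": "off"}
  }
}"""
HOST_MISSING = "{}"  # stands in for an absent exec-approvals.json

if __name__ == "__main__":
    print(audit(AGENT, HOST_FIXED))
    print(audit(AGENT, HOST_MISSING))
```

Invalid JSON in either file surfaces as a `json.JSONDecodeError` with line and column, which covers troubleshooting item 1. The `open:` finding marks a host that matches the configuration the Security Warnings section restricts to trusted machines.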
Conclusion
OpenClaw 2026.3.31’s exec approval errors frustrate many users, but the fix is straightforward once you understand the dual-layer architecture. Configure both `openclaw.json` and `exec-approvals.json`, then restart the Gateway.
For fully automated agents (cron jobs, heartbeat monitors, automation scripts), this configuration unlocks true zero-touch execution.
Last Updated: April 2026