https://jidzhang.github.io/tags/%E6%8E%92%E9%9A%9C/Recent content in 排障 on 疯狂的键盘Hugozh-cnSat, 04 Apr 2026 00:00:00 +0000https://jidzhang.github.io/posts/2026-04-04-openclaw-upgrade-approval-fix/Sat, 04 Apr 2026 00:00:00 +0000https://jidzhang.github.io/posts/2026-04-04-openclaw-upgrade-approval-fix/<h2 id="问题">问题</h2> <p>升级 OpenClaw 3.31 后，执行命令频繁弹出 <code>/approve</code> 要求手动审批。关掉 <code>ask</code> 之后命令还是报 <code>exec denied: allowlist miss</code>，依然跑不了。</p> <h2 id="原因">原因</h2> <p>OpenClaw 新版把执行权限拆成了<strong>两层</strong>：</p> <ol> <li><strong>审批层</strong>（<code>ask</code>）—— 决定要不要弹窗让你批准</li> <li><strong>执行层</strong>（<code>security</code>）—— 决定命令有没有资格执行</li> </ol> <p>很多人只改了第一层，第二层没动，所以审批没了但命令还是死。<strong>不弹窗 ≠ 放行。</strong></p> <h2 id="解决方案">解决方案</h2> <p>打开 <code>~/.openclaw/openclaw.json</code>，确保 <code>tools.exec</code> 同时配置这两项：</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;tools&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;exec&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;ask&#34;</span><span class="p">:</span> <span class="s2">&#34;off&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;security&#34;</span><span class="p">:</span> <span class="s2">&#34;full&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><ul> <li><code>ask: &quot;off&quot;</code> —— 不再弹审批</li> <li><code>security: &quot;full&quot;</code> —— 放开执行权限</li> </ul> <p>改完后执行：</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">openclaw config validate </span></span><span class="line"><span class="cl">openclaw gateway restart </span></span></code></pre></div><p>用一个最轻的命令验证：</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="nb">pwd</span> </span></span></code></pre></div><p>能直接返回路径就说明生效了。</p> <h2 id="注意事项">注意事项</h2> <p>这套配置适合<strong>单人使用、追求效率</strong>的场景。如果你的 OpenClaw 是多人共享或挂在群聊里，<code>security: &quot;full&quot;</code> 风险较大，建议用 <code>allowlist</code> 模式精细控制。</p>