Grant OpenClaw Shell Access Safely
Shell access is OpenClaw's most powerful—and most consequential—capability. When OpenClaw can run terminal commands, it can deploy apps, manage files, restart services, and automate anything scriptable. Used carefully, it's transformative. Used carelessly, it's risky. This tutorial covers how to enable shell access with appropriate safeguards.
Prerequisites
- OpenClaw installed and running
- A specific automation goal that requires shell commands (deployment, file management, database queries)
- Basic familiarity with your operating system's terminal
Step 1: Install the shell skill
openclaw skills install shell
This installs the skill that lets OpenClaw execute terminal commands. By default, it runs with the permissions of your current user account—not root or admin.
Step 2: Configure the permission scope
Shell access can be scoped. Edit ~/.openclaw/config.yaml:
shell:
  enabled: true
  allowed_commands:
    - git
    - npm
    - docker
    - kubectl
  blocked_commands:
    - rm -rf
    - sudo
    - passwd
allowed_commands creates a whitelist—OpenClaw can only run commands starting with these executables. blocked_commands adds an additional block layer for destructive patterns even within allowed tools.
Start restrictive. Add commands as you confirm they're needed.
Step 3: Enable dry-run mode for testing
Add to config:
shell:
  dry_run: true
In dry-run mode, OpenClaw shows you the command it would run but doesn't execute it. Use this when testing new automation flows.
Step 4: Your first shell task
With dry-run on, send OpenClaw:
"Check the disk usage of my home directory and show the top 10 largest folders."
OpenClaw will show you the command it would run (du -sh ~/*/ | sort -rh | head -10). Review it. If it looks right, disable dry-run and try again.
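The gate that Steps 2 to 4 describe, as an added worked model; this is not OpenClaw's own code, and how it splits pipelines, matches blocked patterns and reports dry-run decisions is an assumption about how such a gate could behave. It takes the Step 2 allowlist and blocklist as its policy and checks the Step 4 disk-usage command against them.

```python
"""Policy gate for agent-issued shell commands.

Hypothetical model of the allowed_commands / blocked_commands / dry_run settings
shown on this page. It is not OpenClaw's implementation; the rules below are an
assumption: every pipeline segment's executable must be allowlisted, no blocked
pattern may appear anywhere on the line, and operators other than | ; && || are
refused outright so that every executable on the line gets checked.
"""
from dataclasses import dataclass, field
import shlex

CONTROL_OPERATORS = {"|", "||", "&&", ";"}
PUNCTUATION = set("();<>|&")  # characters shlex treats as punctuation


@dataclass
class ShellPolicy:
    """Mirrors the keys of the shell: block in ~/.openclaw/config.yaml."""
    enabled: bool = True
    dry_run: bool = True
    allowed_commands: list[str] = field(default_factory=list)
    blocked_commands: list[str] = field(default_factory=list)


@dataclass
class Decision:
    permitted: bool
    reason: str
    mode: str  # "dry-run", "execute" or "refused"


# The Step 2 configuration from this page, dry-run left on as in Step 3.
PAGE_POLICY = ShellPolicy(
    allowed_commands=["git", "npm", "docker", "kubectl"],
    blocked_commands=["rm -rf", "sudo", "passwd"],
)


def tokenize(command: str) -> list[str]:
    """Split a command line like a POSIX shell, keeping operators as tokens."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def segments(tokens: list[str]) -> list[list[str]]:
    """Cut the token list at | ; && || into one segment per executable.

    Any other operator (redirection, subshell, background &) raises ValueError.
    """
    out, current = [], []
    for tok in tokens:
        if tok and set(tok) <= PUNCTUATION:
            if tok not in CONTROL_OPERATORS:
                raise ValueError(f"shell operator {tok!r} is not permitted")
            out.append(current)
            current = []
        else:
            current.append(tok)
    out.append(current)
    return out


def contains_pattern(tokens: list[str], pattern: str) -> bool:
    """True if the blocked pattern appears as a contiguous token sequence."""
    want = shlex.split(pattern)
    n = len(want)
    return any(tokens[i:i + n] == want for i in range(len(tokens) - n + 1))


def evaluate(command: str, policy: ShellPolicy) -> Decision:
    """Decide whether the agent may run `command` and in which mode."""
    if not policy.enabled:
        return Decision(False, "shell skill disabled", "refused")
    if "`" in command or "$(" in command:
        return Decision(False, "command substitution is not permitted", "refused")
    try:
        tokens = tokenize(command)
        parts = segments(tokens)
    except ValueError as exc:
        return Decision(False, str(exc), "refused")
    for pattern in policy.blocked_commands:  # blocklist: second layer
        if contains_pattern(tokens, pattern):
            return Decision(False, f"matches blocked pattern {pattern!r}", "refused")
    for part in parts:  # allowlist: the primary control
        if not part:
            return Decision(False, "empty pipeline segment", "refused")
        if part[0] not in policy.allowed_commands:
            return Decision(False, f"executable {part[0]!r} is not allowlisted", "refused")
    mode = "dry-run" if policy.dry_run else "execute"
    return Decision(True, "all segments allowlisted", mode)


if __name__ == "__main__":
    # Constructed sample requests, including the Step 4 command.
    for cmd in ("git status",
                "docker compose up -d && git pull",
                "sudo git pull",
                "git status; python3 deploy.py",
                "du -sh ~/*/ | sort -rh | head -10"):
        print(f"{cmd!r:45} -> {evaluate(cmd, PAGE_POLICY)}")
```

Two things this model makes visible. Under the Step 2 allowlist, the Step 4 command is refused because du, sort and head are not listed, so those read-only executables have to be added before the dry-run output in Step 4 can appear. And the blocklist matches patterns literally, which is why the allowlist, not the blocklist, is the control that matters: rm is refused here because it was never allowlisted, not because "rm -rf" matched.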
Step 5: Gradual expansion
Start with read-only operations: disk usage, log reading, process status. Then expand to write operations: file management, service restarts. Only add deployment and destructive operations after you've established trust in OpenClaw's judgment.
Safety rules of thumb
- Never run OpenClaw as root or with sudo enabled
- Keep dry_run: true while exploring new automation flows
- Use version control (git) for any codebase OpenClaw touches
- Review plans carefully before approving destructive actions
- Keep a backup before automation touches important files