nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

docs: fix tools-invoke default deny list (was missing 8 of 13 entries)

This commit is contained in:
Vincent Koc 2026-03-31 14:21:36 +09:00
parent ab8d999917
commit d352bd050a
1 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/gateway/tools-invoke-http-api.md
View File

@ -68,11 +68,19 @@ Important boundary notes:
Gateway HTTP also applies a hard deny list by default (even if session policy allows the tool):
- `cron`
- `sessions_spawn`
- `sessions_send`
- `gateway`
- `whatsapp_login`
- `exec` — direct command execution (RCE surface)
- `spawn` — arbitrary child process creation (RCE surface)
- `shell` — shell command execution (RCE surface)
- `fs_write` — arbitrary file mutation on the host
- `fs_delete` — arbitrary file deletion on the host
- `fs_move` — arbitrary file move/rename on the host
- `apply_patch` — patch application can rewrite arbitrary files
- `sessions_spawn` — session orchestration; spawning agents remotely is RCE
- `sessions_send` — cross-session message injection
- `cron` — persistent automation control plane
- `gateway` — gateway control plane; prevents reconfiguration via HTTP
- `nodes` — node command relay can reach system.run on paired hosts
- `whatsapp_login` — interactive setup requiring terminal QR scan; hangs on HTTP
You can customize this deny list via `gateway.tools`: