← Back to Skills Marketplace

Fix Exec Allowlist Miss

Name: Fix Exec Allowlist Miss
Author: rabbykst

by Fazlay Rabby · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install fix-exec-allowlist-miss

Description

Hybrid reload mode auto-restarts for gateway/plugins changes. Config patching requires baseHash from config.get first. Minimax cron auth uses system-level to...

README (SKILL.md)

Diagnosing exec deny:

Check tools.exec.security and tools.profile in config
If profile=coding and security=full still denied → profile baseline missing exec
Use gateway tool: gateway('config.patch', {raw: '{tools:{profile:"full"}}'})
Hot-reload applies automatically in hybrid mode; explicit restart via gateway restart if needed
Verify: gateway('config.get', {}) → confirm profile=full

Config patch workflow (atomic, hash-verified):

gateway('config.get', {}) → capture payload.hash
gateway('config.patch', {raw: '...', baseHash: '\x3Chash>'})
Rate limit: 3 req/60s per deviceId+clientIp. Restart coalesces with 30s cooldown.

Hot-apply vs restart fields (hybrid mode): Hot-apply (no restart): channels, agent, models, routing, hooks, cron, session, messages, tools, browser, skills, mcp, audio, talk, ui, logging, identity, bindings Restart required: gateway.* (port, bind, auth, TLS, HTTP), discovery, plugins gateway.reload and gateway.remote changes do NOT trigger restart.

Minimax OAuth failure (ConnectionRefused / 401):

Cron jobs use system-level auth, not current session OAuth → isolated session
If minimax portal token expired: gateway('update.run', {continuationMessage: '...'}) attempts re-auth on restart
Fallback: openclaw config set models.providers.minimax-portal.apiKey '\x3Ckey>'

Workflow

Config patch protected paths:

Cannot patch channel-specific configs (e.g., whatsapp:8801322964987)
Raw must be object, not string — wrong: gateway('config.patch', {raw: '{...}'})
Right: gateway('config.patch', {raw: {channels: {...}}})
Protected paths raise error: gateway config.patch cannot change protected config paths: \x3Cpath>

Usage Guidance

Review before installing. This skill is not showing malware-like behavior, but it guides an agent to broaden gateway exec/profile settings persistently. Only use it if you understand the OpenClaw gateway config change, verify the current config with config.get first, require hash-verified patches, and keep a rollback path for the previous profile/security settings.

Capability Tags

requires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

⚠ Purpose & Capability

The stated purpose is to fix exec allowlist misses, and reading/patching gateway config fits that purpose, but the central action is high-impact: changing tool/profile settings toward broader exec capability.

⚠ Instruction Scope

The skill says config patching requires a baseHash from config.get, but its first remediation example patches tools.profile without baseHash, and it gives conflicting raw parameter formats.

✓ Install Mechanism

The artifact is a single markdown SKILL.md with no executable scripts, package dependencies, installer, or hidden runtime files.

ℹ Credentials

The skill mentions OAuth/token troubleshooting and setting a Minimax API key, which is related to its gateway troubleshooting purpose but should be handled carefully as sensitive credential material.

⚠ Persistence & Privilege

The workflow makes persistent gateway configuration changes and may trigger reloads/restarts; enabling a broader profile to restore exec is security-relevant and lacks explicit user confirmation, rollback, or containment guidance.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install fix-exec-allowlist-miss
After installation, invoke the skill by name or use /fix-exec-allowlist-miss
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release with detailed workflow for diagnosing and resolving exec allowlist misses. - Supports hybrid reload with automatic restarts for gateway and plugin changes. - Config patching requires hash from config.get and enforces rate limits. - Lists which config changes hot-apply versus require a restart. - Documents Minimax cron authentication: now uses system-level tokens, not session OAuth. - Details protected config patch paths and proper patch structure.

Metadata

Slug fix-exec-allowlist-miss

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Fix Exec Allowlist Miss?

Hybrid reload mode auto-restarts for gateway/plugins changes. Config patching requires baseHash from config.get first. Minimax cron auth uses system-level to... It is an AI Agent Skill for Claude Code / OpenClaw, with 36 downloads so far.

How do I install Fix Exec Allowlist Miss?

Run "/install fix-exec-allowlist-miss" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Fix Exec Allowlist Miss free?

Yes, Fix Exec Allowlist Miss is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Fix Exec Allowlist Miss support?

Fix Exec Allowlist Miss is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Fix Exec Allowlist Miss?

It is built and maintained by Fazlay Rabby (@rabbykst); the current version is v1.0.0.

More Skills