OpenClaw Config Reference

OpenClaw configuration reference for openclaw.json. Use when asked about config, configuration, gateway settings, channel setup, agent config, session manage...

This skill is documentation only and appears coherent for its stated purpose. It contains many explicit commands and file paths that, if executed, will modify local configuration, start/stop services, or reveal/store secrets. Before installing or allowing autonomous use: (1) treat it as read-only documentation — do not grant the skill permission to run shell commands or access your filesystem unless you explicitly trust and inspect each action; (2) don't enable features that let chat users modify config (e.g., commands.config: true or open DM policy) without strict access controls; (3) keep secrets out of openclaw.json and use ~/.openclaw/.env with strict permissions (chmod 600); (4) be cautious about enabling remote browser CDP URLs, webhooks, or binding the gateway to LAN without proper auth; and (5) verify the skill/source if you need higher assurance (homepage and owner are listed but source repository is not provided). If you want the agent to perform any of the documented commands, explicitly review and approve each command first.

Type: OpenClaw Skill Name: openclaw-config-reference Version: 1.0.0 This skill bundle, consisting entirely of documentation files, is classified as suspicious due to its detailed description of numerous powerful and security-sensitive configurations and commands. While the documentation explicitly warns against misconfigurations (e.g., `commands.config: true`, `tools.elevated.enabled: true` with open DM policy, `gateway.bind: "lan"` without authentication, hardcoding secrets), these capabilities (such as arbitrary code execution via `tools.exec.security: "allow"`, broad file system access, shell environment inheritance via `env.shellEnv: true`, and direct prompt injection via webhook data in `references/session.md`) represent significant attack surfaces and potential vulnerabilities if an AI agent is maliciously prompted or the system is misconfigured. The documentation itself does not contain malicious code or instructions, but it outlines the means for severe system compromise.