All Things OpenClawAll Things OpenClaw
SECURITY • OpenClaw quick fix
Featured: @openclaw

Installing skills or plugins? Add an install-policy gate.

OpenClaw 2026.6.5 added `security.installPolicy`, a local command hook that can approve or block skill and plugin installs after source material is staged and before install/update continues. Use it when ClawHub, uploaded archives, Git/local skills, dependency installers, or plugins can change your agent surface. The operator rule is simple: stage first, inspect locally, fail closed if the policy command is missing, then smoke-test before trusting the new tool path.

In simple words: Make a safe copy if the step could change your setup, try the smallest check, then confirm OpenClaw is back to normal before doing more. The source link and commands stay below for people who want the technical detail.

Checklist
List every path that can add code to your OpenClaw setup: ClawHub skills, uploaded skill archives, Git/local skills, skill dependency installers, and plugin install/update sources.
Create a tiny trusted policy command outside the editable project tree; it should read the staged install metadata/source path, apply your local allow/deny rules, and return non-zero on uncertainty.
Enable `security.installPolicy` and prefer omitting `targets` unless you intentionally want a narrower scope; that keeps new supported install targets from silently failing open.
Fail-closed install policy shape to adapt
{
  "security": {
    "installPolicy": {
      "enabled": true,
      "exec": {
        "source": "exec",
        "command": "/usr/local/bin/openclaw-install-policy",
        "args": ["--json"],
        "timeoutMs": 10000,
        "noOutputTimeoutMs": 10000,
        "maxOutputBytes": 1048576,
        "passEnv": ["OPENCLAW_STATE_DIR", "PATH"],
        "trustedDirs": ["/usr/local/bin"]
      }
    }
  }
}
Point `exec.command` at an absolute trusted path, set short timeouts, bound output, and pass only the environment variables the policy really needs.
Test the guard twice: one allowed install should continue, and one deliberately denied or unknown install should fail before code becomes trusted.
Policy review receipt
- Install source/type staged by OpenClaw:
- Skill/plugin name and origin:
- Policy command path/version:
- Decision: allow / deny / unknown-deny
- Reason:
- Allowed smoke test completed:
- Rollback or remove command if smoke fails:
After any allowed install, run a minimal smoke test for filesystem, shell, browser, network, and gateway behavior before enabling unattended runs.
Success looks like
Skill/plugin installs stop before trust is granted when the local policy command is missing, times out, or rejects the staged source.
The policy review leaves a receipt that explains why a source was allowed, denied, or treated as unknown.
Allowed installs are followed by a small capability smoke test before unattended agents can use the new code path.

Source: OpenClaw v2026.6.5 release + install-policy docs · link