If you updated to OpenClaw 2026.4.1 and suddenly your agent can't run shell commands, won't execute scripts, or keeps prompting you to approve things you already approved — you're not alone. This is the most common support ticket we're seeing this week.
The culprit is one missing or reset file: ~/.openclaw/exec-approvals.json.
What changed in 2026.4.1: OpenClaw now treats exec-approvals.json as the authoritative source for exec permissions. If the file doesn't exist — or if it was reset during the update — the runtime defaults to blocking all exec commands until you explicitly approve them.
Step 1 — Confirm This Is Your Problem
Run this in your terminal:
cat ~/.openclaw/exec-approvals.json 2>/dev/null || echo "FILE NOT FOUND"
If you see FILE NOT FOUND or an empty file ({}), that's your issue.
Also check your main config to see what exec security mode you're in:
cat ~/.openclaw/openclaw.json | grep -A 5 '"exec"'
You want to see:
{
  "tools": {
    "exec": {
      "security": "full",
      "ask": "off"
    }
  }
}
If "ask" is missing or set to "on-miss", that's why it keeps asking.
Step 2 — Fix exec-approvals.json
There are two approaches depending on your use case:
Option A — Trusted local machine (recommended for most users)
If you're running OpenClaw on a machine you control and you don't want per-command approvals, a single wildcard rule allows every command without prompting:
cat > ~/.openclaw/exec-approvals.json << 'EOF'
{
  "version": 1,
  "rules": [
    {
      "pattern": "*",
      "action": "allow",
      "scope": "always"
    }
  ]
}
EOF
Option B — Selective approvals (more secure)
If you want to allow common commands but block risky ones:
cat > ~/.openclaw/exec-approvals.json << 'EOF'
{
  "version": 1,
  "rules": [
    {
      "pattern": "git *",
      "action": "allow",
      "scope": "always"
    },
    {
      "pattern": "npm *",
      "action": "allow",
      "scope": "always"
    },
    {
      "pattern": "ls *",
      "action": "allow",
      "scope": "always"
    },
    {
      "pattern": "cat *",
      "action": "allow",
      "scope": "always"
    },
    {
      "pattern": "rm -rf *",
      "action": "deny"
    }
  ]
}
EOF
Step 3 — Update openclaw.json
Make sure your main config file also reflects your intent. Open ~/.openclaw/openclaw.json and verify the tools block exists and is correct:
"tools": {
  "exec": {
    "host": "gateway",
    "security": "full",
    "ask": "off"
  }
}
Note: If you're using an approval channel (Discord, Slack, Telegram) for remote approvals, set "ask": "on-miss" instead of "off". That way you get prompts for unknown commands but approved ones run freely.
Step 4 — Restart the Gateway
openclaw gateway restart
Then test with a simple exec call in your agent. If it runs without prompting, you're fixed.
Why Did This Happen?
The 2026.4.1 update introduced a hardening change: the exec permission system was decoupled from the main config and given its own dedicated file. This is actually a good security improvement — it means you can audit and version-control your approval rules separately.
The problem is that the migration wasn't clean for everyone. On some setups, especially those that ran npm install -g openclaw@latest over an existing install, the file either wasn't created or the defaults (block everything) were applied rather than carrying over existing behavior.
Going forward: Before any major OpenClaw update, run openclaw backup create. This snapshots your full config directory, including exec-approvals.json, so you can restore it in 30 seconds if an update resets something.
Still Blocked After the Fix?
Three things to check:
- Gateway not restarted — the file is only read at startup. Always restart after editing.
- Multiple config directories — if you have OpenClaw installed in both ~/.openclaw and a project-local directory, make sure you're editing the right one. Run openclaw config path to confirm.
- JSON syntax error — validate with cat ~/.openclaw/exec-approvals.json | python3 -m json.tool. A single misplaced comma breaks the whole file silently.
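A check to run before restarting the gateway, covering the failure modes above (missing or empty file, JSON syntax error) and flagging the allow-all rule from Option A. This is an added example, not OpenClaw code or part of the original article; it assumes the version/rules/pattern/action layout shown in this article, and the file-permission check and the function name audit_approvals are assumptions of the example.

```python
import json
import stat
import sys
from pathlib import Path

# Default location named in this article.
DEFAULT_PATH = Path.home() / ".openclaw" / "exec-approvals.json"

def audit_approvals(path):
    """Return a list of findings for an approvals file; an empty list means nothing was flagged."""
    path = Path(path)
    if not path.is_file():
        return ["missing: file not found"]
    findings = []
    # Assumption of this example: a file that grants exec rights should be owner-writable only.
    if path.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("perms: file is group- or world-writable")
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except json.JSONDecodeError as exc:
        # The same class of error `python3 -m json.tool` reports, e.g. a misplaced comma.
        return findings + [f"syntax: line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    rules = data.get("rules") if isinstance(data, dict) else None
    if not isinstance(rules, list) or not rules:
        return findings + ["empty: no rules defined"]
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            findings.append(f"rule {i}: not a JSON object")
            continue
        pattern, action = rule.get("pattern"), rule.get("action")
        if not isinstance(pattern, str) or not pattern.strip():
            findings.append(f"rule {i}: missing pattern")
        # Assumption: "allow" and "deny" (the values shown above) are the only actions.
        if action not in ("allow", "deny"):
            findings.append(f"rule {i}: unexpected action {action!r}")
        elif action == "allow" and pattern == "*":
            findings.append(f"rule {i}: allow-all pattern '*' approves every command")
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    results = audit_approvals(target)
    for line in results:
        print(line)
    sys.exit(1 if results else 0)
```

Run it with no arguments to audit ~/.openclaw/exec-approvals.json, or pass a path to check a project-local copy; it exits non-zero when anything is flagged.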
If none of those work, the fastest path is a clean config audit — which is exactly what our $49 Audit covers.