Exec approvals requesting confirmation despite security=full and ask=off for Discord/Telegram #26739

@saadjs

Description

Exec approvals are requesting user confirmation even when security: "full" and ask: "off" are set in exec-approvals.json. This prevents commands from running via Discord/Telegram since the approval prompt cannot be answered from those channels.

According to the docs, security: "full" should "allow everything (equivalent to elevated)" and ask: "off" should "never prompt". However, approval requests are still being generated for non-webchat channels (Discord, Telegram), timing out after ~120 seconds.

Expected Behavior

With the following config, no approval prompts should appear and commands should execute immediately:

{
  "defaults": {
    "security": "full",
    "ask": "off",
    "autoAllowSkills": true
  },
  "agents": {
    "main": {
      "security": "full",
      "ask": "off",
      "autoAllowSkills": true
    }
  }
}

Actual Behavior

Approval requests are generated and time out:

exec.approval.waitDecision 119984ms conn=33bd371e…2cb5 id=952f1d76…ab49
exec.approval.waitDecision 119988ms conn=838e9314…3d6c id=5063715c…462d

These timeouts come from Discord channel sessions (session:agent:main:discord:channel:...).

The session status shows elevated but the actual execution context appears to be runtime=direct for non-webchat providers.

Steps to Reproduce

  1. Configure exec-approvals.json with security: "full" and ask: "off"
  2. Send an exec command from Discord or Telegram
  3. Command times out waiting for approval

Environment

  • OpenClaw version: 2026.2.23
  • Channels affected: Discord, Telegram (webchat works fine)
  • Config location: ~/.openclaw/exec-approvals.json

Possible Cause

The exec-approvals system may not be properly checking the security: "full" setting when the session originates from non-webchat channels, or there's a mismatch between the runtime detection and the approval bypass logic.

Workaround

Using allowlist mode as a workaround, but this shouldn't be necessary with security: "full".
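
A triage check for the mismatch reported above, as an added example that is not part of the original issue or OpenClaw's own code: it resolves the policy that exec-approvals.json declares for an agent and flags every `exec.approval.waitDecision` log entry that contradicts it. The key-by-key override of `defaults` by the agent entry, the 1-second tolerance and the two constructed log lines are assumptions.

```python
import json
import re

# Config as posted in the issue (exec-approvals.json).
CONFIG = json.loads("""
{"defaults": {"security": "full", "ask": "off", "autoAllowSkills": true},
 "agents": {"main": {"security": "full", "ask": "off", "autoAllowSkills": true}}}
""")

# First two lines are quoted from the issue; the last two are constructed.
LOG_LINES = [
    "exec.approval.waitDecision 119984ms conn=33bd371e…2cb5 id=952f1d76…ab49",
    "exec.approval.waitDecision 119988ms conn=838e9314…3d6c id=5063715c…462d",
    "exec.approval.waitDecision 2310ms conn=CONSTRUCTED-1 id=CONSTRUCTED-A",
    "unrelated.event 41ms conn=CONSTRUCTED-2 id=CONSTRUCTED-B",
]

WAIT_RE = re.compile(
    r"exec\.approval\.waitDecision\s+(?P<ms>\d+)ms\s+conn=(?P<conn>\S+)\s+id=(?P<id>\S+)"
)
TIMEOUT_MS = 120_000  # the issue reports timeouts after ~120 seconds
SLACK_MS = 1_000      # assumption: tolerance for "hit the timeout"


def effective_policy(config, agent):
    """Assumption: an agent entry overrides "defaults" key by key."""
    policy = dict(config.get("defaults", {}))
    policy.update(config.get("agents", {}).get(agent, {}))
    return policy


def unexpected_prompts(config, agent, log_lines):
    """Return approval waits that contradict a security=full, ask=off policy."""
    policy = effective_policy(config, agent)
    if policy.get("security") != "full" or policy.get("ask") != "off":
        return []  # prompts are expected under this policy; nothing to flag
    findings = []
    for line in log_lines:
        m = WAIT_RE.search(line)
        if m:
            ms = int(m["ms"])
            findings.append({"id": m["id"], "conn": m["conn"], "wait_ms": ms,
                             "timed_out": ms >= TIMEOUT_MS - SLACK_MS})
    return findings


if __name__ == "__main__":
    for finding in unexpected_prompts(CONFIG, "main", LOG_LINES):
        print(finding)
```

Any finding means the policy applied at runtime differs from the one on disk; entries with `timed_out` set are the ones that stalled until the approval window expired.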
