Bug type

Behavior bug (incorrect output/state without crash)

Summary

Exec approvals are still required in webchat/control-ui even when tools.exec.ask is set to "off" and commands are listed in tools.exec.safeBins.

Steps to reproduce

1. Configure tools.exec with safeBins and ask="off" in openclaw.json.

   Example:

   tools:
   exec:
   ask: "off"
   safeBins:
   - ls
   - echo
   - grep

2. Start OpenClaw using docker-compose.

3. Connect to the agent via webchat / openclaw-control-ui.

4. Ask the agent to execute a simple command:

   ls -la /home/node/.openclaw/workspace

Expected behavior

Commands listed in tools.exec.safeBins should run without approval.

If tools.exec.ask is set to "off", no approval dialog should appear and the command should execute immediately.

Actual behavior

The Control UI still shows an exec approval dialog.

The command waits for manual approval even though:

• tools.exec.ask is set to "off"
• the command (ls) is listed in safeBins

In some cases, clicking "Allow once" appears not to resume the pending exec immediately.

OpenClaw version

2026.3.8

Operating system

Host OS: Windows 11 Gateway container: Linux (Docker)

Install method

docker

Model

anthropic/claude-sonnet-4.5

Provider / routing chain

openclaw -> anthropic

Config file / key location

~/.openclaw/openclaw.json Relevant section: tools: exec: ask: "off" safeBins: - ls - echo - cat - grep - head - tail - jq - wc - printf

Additional provider/model setup details

Standard Docker deployment using docker-compose with gateway and webchat/control-ui.

No custom provider routing or overrides.

Logs, screenshots, and evidence

Example command executed via webchat:

ls -la /home/node/.openclaw/workspace

Observed result:
Control UI displays an exec approval dialog instead of executing the command immediately.

This occurs consistently even when the command is listed in safeBins and tools.exec.ask is set to "off".

Impact and severity

Affected: Users running OpenClaw through webchat / openclaw-control-ui.

Severity: Medium–High (exec policy configuration does not behave as documented).

Frequency: 100% reproducible.

Consequence:
Trusted commands listed in safeBins still require manual approval, which slows down workflows and prevents fully automated tool execution.

Additional information

This issue is independent from external API integrations.

Supadata API integration was tested separately and works correctly when commands are executed directly in the container.

The problem appears specific to exec approval behavior in the webchat/control-ui channel.