github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-02 02:56:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): clarify denyCommands exact-match guidance

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-26 00:55:25 +01:00
parent eb73e87f18
commit 42f455739f
5 changed files with 30 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/config/schema.help.ts
View File

@@ -330,7 +330,7 @@ export const FIELD_HELP: Record<string, string> = {
"gateway.nodes.allowCommands":
"Extra node.invoke commands to allow beyond the gateway defaults (array of command strings). Enabling dangerous commands here is a security-sensitive override and is flagged by `openclaw security audit`.",
"gateway.nodes.denyCommands":
"Commands to block even if present in node claims or default allowlist.",
"Node command names to block even if present in node claims or default allowlist (exact command-name matching only, e.g. `system.run`; does not inspect shell text inside that command).",
nodeHost:
"Node host controls for features exposed from this gateway node to other nodes or clients. Keep defaults unless you intentionally proxy local capabilities across your node network.",
"nodeHost.browserProxy":