Security: Path Safety / Allowlist
Path Validation Controls
Workspace Root Resolution
Allowlisted Top-level Directories
Workspace Validation
Last updated
Related pages

Security: Path Safety / Allowlist

This page documents workspace filesystem safety controls.

Path Validation Controls

Workspace path policy rejects:

traversal attempts (..)
invalid characters (including backslash and null byte)
escapes outside resolved workspace root
symlink escapes after realpath resolution

Workspace Root Resolution

Root resolves from a fallback chain:

settings workspace path
env vars
discovered OpenClaw config workspace
known workspace directories
nearest marker files
local fallback

Allowlisted Top-level Directories

Implemented allowlisted workspace directories include:

agents, overlays, skills, playbooks, plugins, agent-templates
memory, life, docs, tools, templates, canvas, projects

Strict mode can enforce root allowlist behavior with CLAWCONTROL_WORKSPACE_ALLOWLIST_ONLY=1.

Workspace Validation

Workspace validation checks include:

path exists and is directory
required AGENTS.md at workspace root
warnings for recommended structures (for example memory/, agents/, agent SOUL.md presence)

Last updated

2026-02-09

Networking local only Approvals typed confirm

⌘I