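ACP permission gate: non-read/search permissions now require explicit confirmation, preventing silent privilege overreach
Addresses mistaken execution caused by unclear permission boundaries on ACP tool calls. Prerequisite: ACP is in use and includes tools that perform write operations. Steps: distinguish read-only from write permissions → trigger the confirmation prompt once with a write action → lock in the approval policy → record audits. Key point: anything other than read/search must be explicitly authorized. Verification: a write permission request triggers human confirmation. Risk: leaving write permissions allowed by default over the long term weakens the security boundary.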
GitHub · Discovered 2026-02-14 · Author: OpenClaw maintainers
Prerequisites
- ACP-enabled workflows are in use and include at least one non-read operation.
- Operators know which actions are low-risk reads and which are high-risk, side-effecting writes.
Steps
- Inventory ACP actions and tag each permission as read/search or side-effecting write.
- Run a controlled write-action test and verify that an explicit permission prompt appears.
- Update runbooks: require approval evidence for every non-read ACP action.
- Review audit logs weekly for denied/approved patterns and tighten defaults.
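The tagging, approval-evidence and audit-review steps above, sketched in Python as an added example (not OpenClaw code). The record fields, the kind labels and the function names are assumptions made for illustration; the gate fails closed, so a missing or unfamiliar label from a custom adapter is treated as a write.

```python
# Added illustration; record fields and kind labels are assumptions, not OpenClaw's schema.
from collections import Counter

AUTO_ALLOW = {"read", "search"}  # the only kinds that may run without a prompt


def needs_confirmation(kind):
    """Fail closed: anything that is not exactly read/search needs approval,
    including missing or unrecognised labels from custom adapters."""
    if not isinstance(kind, str):
        return True
    return kind.strip().lower() not in AUTO_ALLOW


def review_audit(records):
    """Summarise one review window of audit records.

    Returns (counts, violations): counts of decisions per tool for gated
    actions, and records where a gated action executed without approval
    evidence (an 'approved' decision plus a named approver).
    """
    counts = Counter()
    violations = []
    for rec in records:
        if not needs_confirmation(rec.get("kind")):
            continue
        decision = rec.get("decision")
        counts[(rec.get("tool"), decision)] += 1
        has_evidence = decision == "approved" and bool(rec.get("approver"))
        if rec.get("executed") and not has_evidence:
            violations.append(rec)
    return counts, violations


# Constructed sample audit records (not real OpenClaw log output).
SAMPLE = [
    {"tool": "fs.read", "kind": "read", "decision": None, "approver": None, "executed": True},
    {"tool": "fs.write", "kind": "edit", "decision": "approved", "approver": "alice", "executed": True},
    {"tool": "shell.exec", "kind": "execute", "decision": "denied", "approver": "bob", "executed": False},
    {"tool": "custom.sync", "kind": "Read-Write", "decision": None, "approver": None, "executed": True},
    {"tool": "fs.delete", "kind": None, "decision": "approved", "approver": "", "executed": True},
]

if __name__ == "__main__":
    counts, violations = review_audit(SAMPLE)
    for (tool, decision), n in sorted(counts.items(), key=str):
        print(f"{tool:12} {decision!s:9} {n}")
    for rec in violations:
        print("UNAPPROVED EXECUTION:", rec["tool"], "kind =", rec["kind"])
```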
Commands
openclaw gateway status
openclaw help
Verify
Any non-read/search ACP action now requires an explicit confirmation step before execution.
Caveats
- Human approval quality matters; weak review still permits risky writes.
- Custom ACP adapters may implement permission labels differently (needs verification).
Source attribution
This tip is aggregated from community/public sources and preserved with attribution.