Phase 3 / Ep 13: Permission Model Overview —— tools.profile and Security Philosophy
🎯 Learning Objective: Understand OpenClaw's tiered permission design and master the tools.profile configuration.
1. Security Philosophy: Principle of Least Privilege
OpenClaw Agents possess powerful tool capabilities. Power means danger—if you give an Agent full Shell access, it might accidentally delete your files.
Core Principle: Never give an Agent unnecessary capabilities.
2. Four-Tier Permission Model
graph LR
Basic["🟢 basic\nRead-only · No Shell\nSecure Chat"] --> Standard["🟡 standard\nFile Read/Write\nLimited Shell"]
Standard --> Coding["🔵 coding\nFull Shell\nCode Execution · Git"]
Coding --> Full["🔴 full\nSystem-level Access\nNetwork · Process Management"]
style Basic fill:#dcfce7,stroke:#16a34a
style Standard fill:#fef9c3,stroke:#ca8a04
style Coding fill:#dbeafe,stroke:#2563eb
style Full fill:#fee2e2,stroke:#dc26263. Capability Comparison Table
| Capability | 🟢 basic | 🟡 standard | 🔵 coding | 🔴 full |
|---|---|---|---|---|
| Chat Response | ✅ | ✅ | ✅ | ✅ |
| File Read | ✅ | ✅ | ✅ | ✅ |
| File Write | ❌ | ✅ | ✅ | ✅ |
| Shell Commands | ❌ | Restricted Whitelist | ✅ | ✅ |
| Git Operations | ❌ | ❌ | ✅ | ✅ |
| Code Execution | ❌ | ❌ | ✅ | ✅ |
| Network Access | ❌ | ❌ | Restricted | ✅ |
| Process Management | ❌ | ❌ | ❌ | ✅ |
| System Configuration | ❌ | ❌ | ❌ | ✅ |
4. Configuration Method
# Set permission level
openclaw config set tools.profile basic
openclaw config set tools.profile standard
openclaw config set tools.profile coding
openclaw config set tools.profile full
# Set for a specific Agent
openclaw agents config code-agent tools.profile coding
openclaw agents config ops-agent tools.profile full
5. Typical Configuration Scenarios
| Agent Type | Recommended Permission | Runtime Environment | Reason |
|---|---|---|---|
| Daily Assistant | basic | Any | Only needs chat and reminders |
| Content Creation | standard | Any | Needs to read and write files |
| Coding Assistant | coding | Native / Docker | Needs Shell and Git |
| Ops & Monitoring | full | Docker/VM Only | Needs system-level permissions |
⚠️ Red Line: Never use the
fullpermission in a native macOS environment. It must be run in a Docker container or UTM virtual machine.
Next Episode Preview: Ep 14, use the coding permission to make the Agent your programming assistant—clone repositories, write code, run tests, and submit PRs.