feat(openclaw): add curl and python3 to exec allowed commands#1
feat(openclaw): add curl and python3 to exec allowed commands#1
Conversation
Enables OpenClaw agents to make HTTP API calls (curl) and run Python scripts (python3) from within the container. This allows use cases like creating n8n workflows via the REST API directly from an Open WebUI chat session. Tested: OpenClaw successfully wrote workflow JSON and POSTed it to n8n's /api/v1/workflows endpoint, creating a working webhook workflow. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2759d68cd7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "exec": { | ||
| "enabled": true, | ||
| "allowedCommands": ["ls", "cat", "grep", "find", "head", "tail", "wc"] | ||
| "allowedCommands": ["ls", "cat", "grep", "find", "head", "tail", "wc", "curl", "python3"] |
There was a problem hiding this comment.
Allowlisting python3 defeats the purpose of the constrained allowedCommands model, because an agent can run arbitrary Python (for example via -c) and then invoke unrestricted subprocesses, network calls, and file operations that were previously blocked by command-level gating. In deployments where OpenClaw has mounted data/config volumes, this effectively expands execution from a small read-only toolset to near-arbitrary code execution inside the container, which is a significant security and containment regression.
Useful? React with 👍 / 👎.
1 participant
Summary
Add
curlandpython3to OpenClaw's allowed exec commands, enabling agents to make HTTP API calls and run scripts from within the container.Use case: Create n8n workflows from Open WebUI chat
With this change, a user can chat with the
openclawmodel in Open WebUI and ask it to create n8n workflows via the REST API:curl -X POST http://n8n:5678/api/v1/workflows -d @/tmp/wf.jsonDepends on: Light-Heart-Labs#438 (OpenClaw + Open WebUI integration)
Changes
openclaw-strix-halo.json: addcurl,python3totools.exec.allowedCommandsSecurity note
curlis restricted to commands the agent can run — it cannot escape the container. The OpenClaw container hasno-new-privileges:trueand resource limits.python3enables script execution for data processing tasks.Test plan
curl http://n8n:5678/api/v1/workflows— verify it executespython3works: ask OpenClaw to write and run a Python script🤖 Generated with Claude Code