OpenClaw Install / Docs / Gateway / Skills
EN
Get Started
Home

Switch language

简体中文 English
Start Install GuideQuick StartDocs Overview
Docs ChannelsModels & APIGateway OpsTools & Skills
More ArticlesResourcesHelp Center
Get Started
Documentation navigation Tools & Skills

Current Section

On This Page

Tools & Skills 3 sections 3 key facts

Command Execution

Exec

exec runs shell commands inside the workspace and relies on process for foreground or background sessions. The key question is not just how to run a command, but on which host and under which security policy it runs.

Exec Approvals Tools Overview Security

Key Parameters

command, workdir and env define the command and its environment.

yieldMs, background and timeout control foreground versus background behavior and timeouts.

host selects where the command runs: sandbox | gateway | node.

security, ask and elevated control approvals and security policy.

Typical Examples

Foreground execution

{"tool":"exec","command":"ls -la"}

Background execution and polling

{"tool":"exec","command":"npm run build","yieldMs":1000}
{"tool":"process","action":"poll","sessionId":"<id>"}

Session-level defaults

/exec host=gateway security=allowlist ask=on-miss node=mac-1

Usage Notes

Host

sandbox is not always a container

If sandbox isolation is disabled, host=sandbox may still execute directly on the Gateway host. Always confirm the current isolation mode before assuming safety.

Security

Host execution rejects PATH hijacking

host=gateway and host=node reject dangerous PATH or loader overrides to reduce binary hijacking risk.