Elevated tools usage acknowledged
What this checks
Checks whether elevated tools are enabled and prompts user acknowledgement.
Why it matters
Elevated tools grant broad system access. While expected for personal-assistant deployments, operators should consciously acknowledge this configuration.
How to fix it
This is an experimental informational control. Elevated tools (shell execution, system-level access) are powerful by design; this note simply flags that they are active so you can confirm it's intentional.
Option A: Intentional (personal assistant). If elevated tools are deliberately enabled for a trusted user, acknowledge and silence the note:
clawvitals exclude NC-OC-005 reason "personal assistant elevated tools intentional"
Option B: Restrict elevated tools. If you don't need elevated capabilities, disable them in your config:
tools:
  elevated: false
Or disable specific tools selectively:
tools:
  exec:
    enabled: false
  browser:
    enabled: false
Restart the gateway after changes: openclaw gateway restart
Technical details
| Field | Value |
|---|---|
| Control ID | NC-OC-005 |
| Domain | OC |
| Severity | Info |
| Status | Experimental |
| Data source | attack_surface_detail |
| Source type | derived |
| Mode | Mode 1 (OpenClaw native) |
| Introduced in | Library v0.1.0 |
| OWASP LLM 2025 | LLM06: Excessive Agency |
False positive notes
Expected on personal-assistant deployments. The acknowledgement prompt prevents this from being a recurring noise finding.
Suppress this finding
If this finding is intentional or not applicable to your setup, you can exclude it:
clawvitals exclude NC-OC-005 reason "your reason here"
Exclusions are auditable and expire automatically. See the exclusions guide.