Workspace file access scoped
What this checks
Checks that filesystem access is scoped to the workspace when multi-user heuristics are detected.
Why it matters
Unrestricted filesystem access in a multi-user context allows any user to read/write arbitrary files on the host.
How to fix it
This is an experimental informational control. It fires when file system access is not scoped to the OpenClaw workspace, combined with signals of multi-user access.
Option A: Scope file access to workspace. In your config, restrict the file system tool to the workspace directory:

```yaml
tools:
  fs:
    workspaceOnly: true
```
This prevents the agent from reading or writing files outside ~/.openclaw/workspace (or your configured workspace root). It has no effect on agent functionality within the workspace.
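To illustrate what workspace-only scoping has to enforce, here is an added example (not OpenClaw's own code) of a containment check that rejects `..` traversal, symlink escapes and sibling directories that share a name prefix. The function name `is_within_workspace` and the temporary directory layout are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


def is_within_workspace(workspace_root, requested):
    """True only if `requested` resolves to a location inside workspace_root."""
    root = Path(workspace_root).resolve()
    candidate = Path(requested)
    if not candidate.is_absolute():
        candidate = root / candidate  # relative paths are taken from the root
    # resolve() collapses ".." and follows symlinks; non-strict mode also
    # handles files that do not exist yet (e.g. a write to a new file).
    resolved = candidate.resolve()
    # Compare whole path components, not string prefixes, so that
    # ".../workspace-other" is not mistaken for ".../workspace".
    return resolved == root or root in resolved.parents


def demo():
    """Run the check against a constructed directory layout."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        ws, other = base / "workspace", base / "workspace-other"
        ws.mkdir()
        other.mkdir()
        (ws / "notes.txt").write_text("inside")
        (other / "secret.txt").write_text("outside")
        os.symlink(other, ws / "link")  # symlink inside the workspace pointing out
        cases = {
            "file inside": "notes.txt",
            "new file inside": "sub/new.txt",
            "dot-dot traversal": "../workspace-other/secret.txt",
            "absolute outside": str(other / "secret.txt"),
            "sibling with shared prefix": str(other),
            "symlink escape": "link/secret.txt",
        }
        return {name: is_within_workspace(ws, p) for name, p in cases.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{'allow' if allowed else 'deny ':5}  {name}")
```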
Option B: Personal assistant (single trusted user). If you intentionally allow broad file access for a single trusted user, silence the note:
clawvitals exclude NC-OC-006 reason "personal assistant broad fs access intentional"
Restart the gateway after config changes: openclaw gateway restart
Technical details
| Field | Value |
|---|---|
| Control ID | NC-OC-006 |
| Domain | OC |
| Severity | High |
| Status | Experimental |
| Data source | openclaw_security_audit |
| Source type | derived |
| Mode | Mode 1 (OpenClaw native) |
| Introduced in | Library v0.1.0 |
| OWASP LLM 2025 | LLM06: Excessive Agency |
False positive notes
Only fires when the multi-user heuristic is active. Single-user deployments are unaffected.
Suppress this finding
If this finding is intentional or not applicable to your setup, you can exclude it:
clawvitals exclude NC-OC-006 reason "your reason here"
Exclusions are auditable and expire automatically. See the exclusions guide.