By 
A few weeks have passed since our tutorial how to install OpenClaw on a Debian machine. These couple of weeks involved a lot of releases for OpenClaw.
Meanwhile the new major version 3.x has been released. And with this major release a lot of breaking changes and additional guardrails, that are now enabled by default, have come along.
Commands (Exec tool) is no longer working
More or less a month ago we installed the – back then latest – OpenClaw release 2026.2.3-1. We could ask the AI bot to run local commands and even use SSH keys to log in to another server and analyze a log file there.
But after upgrading the npm packages to the new major version 3.x (2026.3.x), the OpenClaw bot no longer seemed to recognize the exec tool.
I'm looking at my available tools right now and I'm not seeing an exec tool in the list. I have: message, sessions_list, sessions_history, sessions_end, session_status
The documentation states that exec, alongside other tools, are bundled inside OpenClaw:
Additional guardrails are now in place
In the past releases OpenClaw added a lot of guardrails (restrictions) by default. These guardrails are there to prevent accidental execution of commands, nobody actually wanted and OpenClaw just assumed this would be the right thing to do.
Most famous is the e-mail accident by Summer Yue, responsible for AI Safety at Meta. She connected OpenClaw to her production e-mail box and OpenClaw started to delete all e-mails.
The OpenClaw project has since added guardrails to prevent executing commands by default. Executing commands needs to be explicitly allowed now.
Fix: Re-Configure the "Tools"
If you need or want OpenClaw to execute commands (again) after a recent upgrade, you need to re-configure the "Tools" section.
The easiest way to do this is to connect to the browser UI, which also features the Config section of OpenClaw. In our OpenClaw setup howto we already mentioned that you should not give public access to your OpenClaw Gateway port. Use SSH forwarding to securely connect to the port via SSH tunnel.
ck@mint ~ $ ssh -L 18789:127.0.0.1:18789 my.openclaw.machineYou can now open the browser on your local machine, with the security token appended:
http://localhost:18789/?token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXOnce you've opened the Web UI, click on "Config" in the navigation, the click on "Tools".
Find the "Tool Allowlist" section and add a new entry, where you add a wildcard (*) into it.
Then find the "Tool Profile" section. The current setting is most likely set to "messaging". Set it to "full".
Now save the changes in the Web UI:
If you prefer to do the changes directly in the OpenClaw configuration file (~/.openclaw/openclaw.json), you can alter the "tools" section:
[...]
"tools": {
"profile": "full",
"alsoAllow": [
"*"
],
"byProvider": {},
[...]Now restart the OpenClaw gateway service (as openclaw user):
openclaw@openclaw:~$ systemctl --user restart openclaw-gateway.serviceCommands are working again
After these changes and the service restart, OpenClaw was able to use the exec tool again. I asked the AI Bot to check for the current Kernel running and show a directory listing of its own config files.
