High-risk tools in OpenClaw
17 of the 129 tools in OpenClaw are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
abortExecuteAbort active run
-
acpExecuteRun and manage ACP-backed coding agents
-
agentExecuteRun one agent turn via the Gateway
-
authExecuteRun provider auth/login flow
-
bashExecuteRun a host command (if enabled).
-
capabilityExecuteRun provider capability commands (fallback alias: infer)
-
events_waitExecuteWait for the next queued OpenClaw conversation event.
-
gatewayExecuteRun, inspect, and query the OpenClaw Gateway
-
inferExecuteRun provider-backed model, media, search, and embedding commands
-
newExecuteReset the session (/reset).
-
nodeExecuteRun and manage the headless node host service
-
nodesExecutePair nodes and run node-host commands through the Gateway
-
proxyExecuteRun the OpenClaw debug proxy and inspect captured traffic
-
qaExecuteRun QA scenarios and launch the private QA debugger UI
-
restartExecuteRestart the gateway (if enabled).
-
stopExecuteStop the current run.
-
targetExecuteRun id, index, or session key
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.