Gateway & Execution Modes

Security configurations are managed under Dashboard > Settings > Gateway. This interface updates the global openclawSettings context, dynamically patching the underlying YAML configuration of your execution nodes.

You can restrict what an agent is physically capable of running by toggling the Execution Mode:

• Deny Mode: Blocks all exec tool calls. The agent is read-only via standard APIs.
• Allowlist Mode: Agents can execute shell commands, but they must pass a Regex validation check defined in your Gateway Settings.
• Full Sandbox Mode: Executes commands freely, but routes the payload exclusively into an ephemeral, network-isolated Docker container.

To connect a local desktop node to the ClawBotPro cloud dashboard without opening firewall ports, navigate to Dashboard > Nodes. The pairing flow utilizes AWS Systems Manager (SSM) to securely tunnel an SDP handshake, establishing a direct WebRTC peer-to-peer connection for telemetry and secure code execution.