Using Elevated Mode in Openclaw

Table of contents: [Show]

Quick Start

Elevated Mode in Openclaw grants your agent expanded permissions to execute commands directly on the gateway host, bridging the gap between sandboxed safety and operational flexibility.

Execute host-level commands without manual approval for each operation.
Misconfigured permissions can expose your system to unintended operations.
A properly secured elevated setup that balances automation with access control.

Understanding Elevated Directives

Openclaw provides three levels of elevated access through slash commands:

Step 1: Enable Elevated Mode

Send the directive in chat to activate:

/elevated on or /elevated ask — Forces exec on gateway host with approvals enabled

/elevated full — Runs on gateway with auto-approval (skips all prompts)

/elevated off — Restores standard exec settings

/elevated — Check current elevated level

Step 2: Configure Allowlist

Edit your ~/.openclaw/openclaw.json to enable elevated mode and whitelist authorized users:

{
  "tools": {
    "elevated": {
      "enabled": true,
      "allowFrom": {
        "discord": ["YOUR_DISCORD_USER_ID"],
        "whatsapp": ["+15551234567"]
      }
    }
  }
}

Working Example

Session-wide activation:

/elevated full

Inline single-message use:

/elevated full Check disk space and list running containers

Application Methods

Session-Wide

Send the directive alone. The bot confirms the mode change for the entire session.

Inline (Single Message)

Include the directive at the start of your prompt. Permissions apply only to that specific request.

Troubleshooting & Best Practices

Group chat requirement: In groups, elevated directives only work with @mentions or standalone commands.
Security first: Always use allowFrom to restrict which users can trigger elevated mode.
Prefer /elevated on: Use /elevated on instead of full when possible to maintain approval checkpoints.
Audit trail: Review exec logs regularly when elevated mode is active.

Elevated Mode transforms Openclaw from a sandboxed assistant into a capable system administrator when you need direct host access—just configure it carefully.