mere/opch-approvals
core/guard/skills/opch-approvals/SKILL.md
Exec approvals — when Op runs a host command not on the allowlist, OpenClaw may prompt; use Control UI or chat to allow/deny.
$ install --global
skillsauthnpx skillsauth add mere/op-and-chloe opch-approvalsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 26, 2026, 12:15 PM55.9s1 file scanned
SKILL.md
- name:
- opch-approvals
- description:
- Exec approvals — when Op runs a host command not on the allowlist, OpenClaw may prompt; use Control UI or chat to allow/deny.
- metadata:
- { "openclaw": { "emoji": "✅" } }
Exec approvals (Op)
You are Op, the admin instance with SSH access. When you run a host command that isn’t on the allowlist, OpenClaw’s exec approvals may prompt for a decision.
Policy
- Commands on the allowlist run without prompting.
- Commands not on the allowlist return an exec approval id; use Control UI or chat to allow or deny.
Useful commands (from host or guard)
- Check snapshot:
./openclaw-guard approvals get --json - Allowlist: Add entries via Control UI (Nodes → Exec approvals) or by editing the config that writes
~/.openclaw/exec-approvals.jsonin the guard container.
Chat (if forwarding enabled)
/approve <id> allow-once— run this time only/approve <id> allow-always— add to allowlist and run/approve <id> deny— block
For full policy profile, see ROLE.md and (on the repo) core/common/GUARD_POLICY_PROFILE.md and core/common/GUARD_BRIDGE.md.
Related Skills
mere/opch-webtop
development
VerifiedTrustedCommunity
Use the shared webtop browser for pages that need login (LinkedIn, social, etc.); guide the user to log in in webtop when needed.
18SKILL.mdUpdated Apr 26, 2026
mere/opch-sites
development
VerifiedTrustedCommunity
Publish static sites from Chloe's workspace under `sites/` using a single `sites/sites.json` registry. Use when the user asks Chloe to create, update, publish, or expose one or more websites, especially from a monorepo.
18SKILL.mdUpdated Apr 26, 2026
mere/opch-email
devops
VerifiedTrustedCommunity
Set up and use email in the worker (Himalaya for Gmail/iCloud/other, M365 for Microsoft).
18SKILL.mdUpdated Apr 26, 2026
mere/opch-bitwarden
tools
VerifiedTrustedCommunity
Bitwarden in Chloe — day-to-day instance has bw in PATH; use for vault access.
18SKILL.mdUpdated Apr 26, 2026