Remote OpenClaw Blog
OpenClaw Tools Disabled After Update: How to Fix It
5 min read ·
Remote OpenClaw Blog
5 min read ·
If you updated OpenClaw after March 2, 2026, your agent probably stopped executing tools. Skills that worked yesterday now fail silently. The Control UI shows tools as "unavailable." Your agent responds to messages but refuses to take any action.
This is intentional. OpenClaw version 2026.3.2 introduced a new security model that disables all tool execution by default. The change was documented in the official changelog on GitHub, but many operators missed it because the update applied automatically.
The update affects every tool category: filesystem access, web requests, messaging integrations, calendar operations, and custom MCP server connections. If your agent was running tools before the update, every single one is now blocked until you explicitly re-enable it.
The change was a direct response to CVE-2026-25253 (CVSS 8.8), a critical vulnerability disclosed in February 2026. The CVE demonstrated that prompt injection attacks could exploit OpenClaw's unrestricted tool access to execute arbitrary system commands on the host machine.
According to the GitHub discussion thread (#4721), the core team decided that the safest default was to require operators to opt in to tool access rather than opt out. This follows the principle of least privilege: an agent should only have access to the tools it explicitly needs.
The security rationale is sound. Before this change, a fresh OpenClaw install had full tool access by default, meaning a compromised agent could read and write files, make network requests, and interact with connected services without any restrictions. Over 40% of OpenClaw instances surveyed in the February 2026 community census were running with unrestricted tool access.
If you want to restore the pre-update behavior and enable all tools at once, run this command from your OpenClaw project directory:
openclaw config set tools.enabled trueThen restart the OpenClaw service:
# If running with systemd
sudo systemctl restart openclaw
# If running with Docker
docker restart openclaw
# If running with pm2
pm2 restart openclawAfter restarting, verify that tools are active by checking the status:
openclaw status --toolsYou should see output listing each tool category as enabled. If any still show disabled, your config file may have category-level overrides that take precedence over the global setting.
Enabling all tools restores functionality but does not improve your security posture. The better approach is to enable only the tool categories your agent actually uses. OpenClaw 2026.3.2 introduced six tool categories:
# Enable specific categories
openclaw config set tools.allow filesystem,web,messaging
# Available categories:
# filesystem — read/write files, directory operations
# web — HTTP requests, browser automation
# messaging — Telegram, WhatsApp, Slack, Discord
# calendar — Google Calendar, Apple Calendar
# email — Gmail, SMTP integrations
# mcp — custom MCP server connectionsFor a typical founder operations agent, you might enable only messaging, calendar, and email while leaving filesystem and web disabled. This limits the blast radius if the agent is compromised through prompt injection.
Marketplace
Free skills and AI personas for OpenClaw — browse the marketplace.
Browse the Marketplace →You can also set tool permissions per skill rather than globally. Add a tools block to your skill's SKILL.md file:
---
name: daily-briefing
tools:
- calendar
- email
- messaging
---Skills that request tool categories not in your global allow list will fail with a clear error message instead of failing silently.
After re-enabling tools, run the built-in diagnostic to confirm everything is connected:
openclaw doctor --toolsThis checks each enabled tool category and reports whether the underlying integration is properly configured. Common issues at this stage include expired API tokens (especially for Google Calendar and Gmail) and stale MCP server connections that need to be re-established after the restart.
If the doctor command shows all green, send a test message to your agent through its primary channel and ask it to perform a simple tool action, like checking your calendar or reading a file. Confirm the action completes before moving on.
After re-enabling tools, audit your installed skills to make sure none are requesting tool categories you have not allowed:
openclaw skills auditThis command compares each skill's tool requirements against your current allow list and flags any mismatches. Skills with unmet tool dependencies will appear as degraded in the output.
If you are using marketplace skills from Remote OpenClaw, each skill's product page lists its required tool categories. Cross-reference these against your config to avoid silent failures.
For a deeper dive into skill configuration, see the OpenClaw Skills Complete Guide.
OpenClaw version 2026.3.2 changed the default security model so that all tool execution is disabled by default. This was introduced after CVE-2026-25253 demonstrated that unrestricted tool access could allow prompt injection attacks to execute arbitrary system commands. You need to explicitly re-enable tools after updating.
Run openclaw config set tools.enabled true from your terminal, then restart the OpenClaw service. For more granular control, use openclaw config set tools.allow filesystem,web,messaging to enable only specific tool categories your agent needs.
Yes, existing skills will work once tools are re-enabled. However, skills that use tool categories you have not explicitly allowed will fail silently. Run openclaw skills audit to identify any gaps between your skill requirements and your allowed tool categories.