discord.allowFrom incorrectly assumed as owner in discord DM?
I was playing around with the allowFrom field for the discord section of the config and i have come across a somewhat disturbing detail..
if
for instance, if this is your config:
then this is the resulting system prompt that is fed to your agent:
Is this the intended behavior? Is this not a huge security flaw? No where that I see in the Openclaw documentation does it reference allowFrom should be considered the same as being an owner. There is either a huge documentation error or a huge system prompt wording failure
---
for context this was tried on both
if
dmPolicyallowlistallowFromfor instance, if this is your config:
then this is the resulting system prompt that is fed to your agent:
Is this the intended behavior? Is this not a huge security flaw? No where that I see in the Openclaw documentation does it reference allowFrom should be considered the same as being an owner. There is either a huge documentation error or a huge system prompt wording failure
---
for context this was tried on both
2026.2.172026.2.15mainper-channel-peer
The AI that actually does things. Emails, calendar, home automation - all from your favorite chat app. New shell, ready to help. The lobster way.
131,281Members
Resources
Similar Threads
Was this page helpful?
