OpenClaw DM Policy: How All Four Modes Actually Work
OpenClaw was previously known as Clawdbot and Moltbot. This guide applies to all versions.
OpenClaw DM policy controls who can DM your bot. This guide covers all four modes, pairing, allowlist, open, and disabled, with config examples per channel.
Key takeaways
- OpenClaw (previously known as Clawdbot and Moltbot) has four dmPolicy modes: pairing (default), allowlist, open, and disabled
- Pairing works for most setups: unknown senders receive a 6-digit code, you approve it from the CLI, and they're in
- Allowlist is the tightest option for solo or small-team bots: only explicit numeric IDs can reach your agent
- Open mode processes every DM without any verification; only use it if you've constrained which tools are available
- Disabled drops DMs silently; group messages still work normally under a separate group policy system
Always review commands your agent suggests before approving them. Don't paste prompts from sources you don't trust.
Why DM access control matters for OpenClaw
OpenClaw runs on a personal assistant security model. One gateway, one trusted operator. That's the design. The official security docs are explicit about it: the gateway is built for a single trusted user, not a multi-tenant service.
With an overly permissive dmPolicy, anyone who discovers your bot's handle can send it a message. If you've wired up exec tools, file access, or calendar integrations, they interact with all of it. That's not a theoretical edge case. It's the natural outcome of running dmPolicy: "open" on a capable agent without constraining its tools.
The fix is picking the right mode for your situation and configuring it correctly.
The four OpenClaw dmPolicy modes compared
Each mode is a strict behavioral contract, not a suggestion. The GitHub discussion that defined the policy spec treats them exactly that way: open means process regardless, allowlist means block with no pairing side effects, pairing means trigger the pairing flow, disabled means drop.
| Mode | Who can message | Risk level | Best for |
|---|---|---|---|
| pairing | Anyone who completes the approval flow | Low | Most personal setups |
| allowlist | Explicit numeric ID list only | Lowest | Solo and small-team bots |
| open | Anyone, no verification | High | Public bots with constrained tool profiles |
| disabled | Nobody via DM | None | Channel-only or group-only agents |
The pairing default is a sensible middle ground. Time-limited codes plus explicit approval creates an audit trail without requiring you to know every sender's numeric ID upfront. But it's not always the right choice.
Which OpenClaw dmPolicy should you use?
Use this decision guide before touching your config.
You're the only user. Set dmPolicy: "allowlist" with your numeric user ID in allowFrom. The official Telegram channel docs recommend this explicitly: for one-owner bots, prefer allowlist with explicit IDs over relying on pairing-store files.
Small team with known users. Allowlist with everyone's IDs. More setup upfront, but no approval workflow to manage.
You want an approval flow without maintaining an ID list. Pairing is built for this. Unknown senders get a code, you approve it once, they're added to the approval store automatically.
Public bot that anyone can reach. Open mode, but only after you've set a constrained tool profile. More on this in the open mode section.
Groups only, no DM access at all. Disabled. Groups operate under a separate group policy system and aren't affected.
OpenClaw dmPolicy pairing: how the default approval flow works
Pairing is the default dmPolicy. When an unknown sender messages your bot, OpenClaw sends them a 6-digit code. The code expires after 1 hour. You approve it from the CLI:
```
openclaw pairing approve <channel> <CODE>
```

A few details that matter in practice. The queue maxes out at 3 pending codes per channel. Additional requests after that are silently dropped, which is intentional anti-spam behavior. Approved users get written to ~/.openclaw/credentials/<channel>-allowFrom.json automatically.
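The contract of the four modes and the pairing details above (one-hour expiry, three pending codes per channel) can be modelled in a few lines. This is an added illustration, not OpenClaw's code: the DmGate class, its action names, and the choice to re-send a live code to a sender who messages again are assumptions.

```python
import secrets
import time

CODE_TTL_SECONDS = 3600  # from the guide: pairing codes expire after 1 hour
MAX_PENDING = 3          # from the guide: at most 3 pending codes per channel


class DmGate:
    """Toy model of one channel's DM gate (hypothetical, not OpenClaw code)."""

    def __init__(self, policy, allow_from=(), clock=time.time):
        self.policy = policy
        self.allowed = set(allow_from)  # stands in for allowFrom + approval store
        self.pending = {}               # code -> (sender_id, issued_at)
        self.clock = clock

    def _prune(self):
        """Forget expired codes so they stop occupying queue slots."""
        now = self.clock()
        self.pending = {c: (s, t) for c, (s, t) in self.pending.items()
                        if now - t < CODE_TTL_SECONDS}

    def on_dm(self, sender_id):
        """Return (action, code) for an inbound DM from sender_id."""
        if self.policy == "disabled":
            return ("drop", None)
        if self.policy == "open" or sender_id in self.allowed:
            return ("process", None)
        if self.policy != "pairing":
            return ("drop", None)       # allowlist: blocked, no pairing side effects
        self._prune()                   # pairing mode, unknown sender
        for code, (pending_sender, _) in self.pending.items():
            if pending_sender == sender_id:
                return ("code", code)   # assumption: re-send the live code
        if len(self.pending) >= MAX_PENDING:
            return ("drop", None)       # queue full: silently dropped
        code = f"{secrets.randbelow(10**6):06d}"
        while code in self.pending:     # never overwrite another sender's code
            code = f"{secrets.randbelow(10**6):06d}"
        self.pending[code] = (sender_id, self.clock())
        return ("code", code)

    def approve(self, code):
        """Operator step (the CLI approval). True only if the code is still live."""
        self._prune()
        entry = self.pending.pop(code, None)
        if entry is not None:
            self.allowed.add(entry[0])
        return entry is not None
```

Passing a fake clock (for example `clock=lambda: t[0]`) lets you step past the one-hour expiry without waiting.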
When should you pick pairing over allowlist? When you want an explicit approval step but don't know sender IDs in advance. It's a good fit for bots you share selectively, where you want to review each request before granting access.
If you're troubleshooting a pairing setup where the bot isn't responding to the code, that's a different problem. The OpenClaw pairing troubleshooting guide covers silent bot diagnostics and approval flow failures.
OpenClaw dmPolicy allowlist: config syntax and channel-specific ID formats
Allowlist mode silently ignores non-listed senders. According to the official docs, dmPolicy: "allowlist" with an empty allowFrom array is rejected by config validation. You need at least one ID.
Here's the config structure:
```json
{
  "channels": {
    "telegram": {
      "dmPolicy": "allowlist",
      "allowFrom": [123456789, 987654321]
    }
  }
}
```

ID format varies by channel. This is where most allowlist errors come from.
| Channel | ID format | Notes |
|---|---|---|
| Telegram | Numeric user ID | Not @username |
| Discord | Snowflake ID | 18-digit number |
| | Phone with country code | +12065551234 |
| Signal | UUID format | uuid:a1b2c3d4-... |
| Slack | Member ID | Starts with U |
Telegram is the common trap: allowFrom requires numeric user IDs, not @usernames. If you put a username in there, it fails silently. The allowFrom fix guide has the step-by-step for finding your numeric ID and correcting the config.
If you need to isolate sessions per sender (so two allowlisted users don't share context), pair this with dmScope: "per-channel-peer". That's a separate config field that controls session isolation independently from dmPolicy.
OpenClaw dmPolicy open: when it's acceptable (and what to lock down)
Open mode requires you to set allowFrom: ["*"] explicitly. That's intentional friction. The config won't accept open mode without it.
The r/openclaw community consensus is pretty consistent: open mode is only valid for bots acting as a public-facing receptionist. Support intake. Community moderation. An agent that collects requests and routes them. Not an agent with exec, file system, or calendar access.
If you do run open mode:
- Assign a constrained tool profile. The "messaging" profile is a reasonable starting floor for public bots: it limits tools to message-sending actions and blocks exec, file, and calendar access.
- Disable exec tools entirely.
- Run openclaw security audit after any config change. It flags footguns like exec enabled with open DM access.
Open mode left on from testing is one of the most common security gaps. openclaw doctor will catch it during an audit.
OpenClaw dmPolicy disabled: what stops and what still works
Disabled mode drops all DMs silently. The sender gets no response, no error. Nothing.
Groups still work. DM policy and group policy are independent systems. According to the official docs, they're separate config fields. Disabling DMs doesn't disable your Telegram group or Discord server.
Use disabled when the agent has no legitimate DM use case. A Slack workspace bot that only answers in channels. A Discord server assistant. A Telegram group moderator. For those agents, DMs are a surface with no upside and some downside.
Common mistake: accidentally setting disabled on the wrong channel. If your bot stops responding to DMs after a config change, check whether you've set dmPolicy: "disabled" somewhere unintended. openclaw doctor will surface it.
How to set different dmPolicy per channel in OpenClaw
You can run different policies on different channels from the same config. Pairing on Telegram, allowlist on Discord, disabled on WhatsApp is a valid setup.
Why run different policies? Different trust levels by platform. Maybe your Telegram handle is semi-public, so pairing makes sense there. Your Discord bot is in a private server with known users, so allowlist is tighter. WhatsApp is for a specific integration that should never take DMs directly.
Audit your OpenClaw DM policy with openclaw doctor
openclaw doctor checks your DM policy configuration and flags anything risky. openclaw security audit goes further and catches footguns including elevated allowlists, open mode with exec enabled, and other combinations that create exposure.
The openclaw doctor command reference covers every flag and what each check looks for. The security audit guide covers how to schedule audits and interpret the output.
Common flags from doctor in DM policy audits:
- Open mode with exec tools enabled
- Empty allowFrom array (rejected by config validation, but worth checking if you've hand-edited JSON)
- Telegram @username in allowFrom instead of a numeric ID
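The rules this guide states for dmPolicy and allowFrom can also be checked offline against a parsed config, for example before committing a hand-edited file. The following is an added example, not openclaw doctor's implementation or OpenClaw code; lint_dm_policy, the channel keys other than telegram, and the sample config are assumptions made for illustration.

```python
import re

MODES = {"pairing", "allowlist", "open", "disabled"}
# allowFrom formats from the table above. Channel keys other than "telegram"
# are assumed to be the lowercase channel name.
ID_FORMATS = {
    "telegram": re.compile(r"\d+"),      # numeric user ID, never @username
    "discord": re.compile(r"\d+"),       # snowflake: digits only
    "signal": re.compile(r"uuid:.+"),    # uuid:-prefixed
    "slack": re.compile(r"U\w+"),        # member ID starting with U
}


def lint_dm_policy(config):
    """Return (channel, severity, message) findings for a parsed config dict."""
    findings = []
    for name, chan in config.get("channels", {}).items():
        mode = chan.get("dmPolicy", "pairing")   # pairing is the default
        allow = chan.get("allowFrom", [])
        if mode not in MODES:
            findings.append((name, "error", f"unknown dmPolicy {mode!r}"))
            continue
        if mode == "allowlist" and not allow:
            findings.append((name, "error", "allowlist with empty allowFrom"))
        if mode == "open":
            if "*" not in allow:
                findings.append((name, "error", 'open without allowFrom ["*"]'))
            findings.append((name, "warn", "open DMs: confirm tool profile"))
        fmt = ID_FORMATS.get(name)
        for entry in allow:
            if fmt and entry != "*" and not fmt.fullmatch(str(entry)):
                findings.append((name, "error", f"bad ID format: {entry!r}"))
    return findings


# Constructed sample config, not taken from a real gateway.
SAMPLE = {"channels": {
    "telegram": {"dmPolicy": "allowlist", "allowFrom": [123456789, "@alice"]},
    "discord": {"dmPolicy": "allowlist", "allowFrom": []},
    "slack": {"dmPolicy": "open"},
    "whatsapp": {"dmPolicy": "disabled"},
}}

if __name__ == "__main__":
    for finding in lint_dm_policy(SAMPLE):
        print(*finding, sep=": ")
```

It does not inspect tool or exec settings, since their config keys are not shown in this guide; openclaw security audit remains the check for those combinations.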
Common OpenClaw dmPolicy mistakes and how to fix them
Telegram @username in allowFrom instead of numeric ID
This is the most frequent allowlist error. Telegram IDs in allowFrom must be numeric. If you put @username, the allowlist fails silently.
Fix: run openclaw doctor --fix. It converts @username entries to numeric IDs automatically. Or find your numeric ID through the BotFather test, or by messaging @userinfobot on Telegram.
Empty allowFrom with allowlist mode
dmPolicy: "allowlist" with allowFrom: [] is rejected by config validation. You can't save an empty allowlist. The docs are explicit about this. Add at least one ID before switching to allowlist mode.
Feishu default changed in 2026.2.14
GitHub issue #17741 documents this: Feishu's default dmPolicy changed from "open" to "pairing" in the 2026.2.14 release with no migration. Existing Feishu setups that relied on the open default broke after upgrading.
Fix: explicitly set dmPolicy: "open" in your Feishu channel config and restart the gateway.
Slack allowlist regression in 2026.2.6-3
GitHub issue #12826 confirmed that in 2026.2.6-3, Slack's allowlist still triggered the pairing prompt even with a valid allowlisted user ID. The workaround was temporarily switching to dmPolicy: "open". This was fixed in a later release. If you're on an older version of OpenClaw, check your current version and upgrade.
Open mode left on after testing
It's easy to set open mode while debugging and forget to change it. If openclaw doctor flags this, tighten to pairing or allowlist. The security hardening playbook has the full lockdown sequence.
FAQ
What is the default dmPolicy in OpenClaw?
The default dmPolicy in OpenClaw is "pairing". With pairing, unknown senders receive a 6-digit code that expires after 1 hour. You approve the code from the CLI using openclaw pairing approve <channel> <CODE>. Pairing is the default for all channels unless you explicitly set a different value in your config.
Can I use @username in OpenClaw's allowFrom setting for Telegram?
No. OpenClaw's Telegram allowFrom field requires numeric user IDs, not @usernames. If you add a @username, the allowlist fails silently and the user won't be permitted. The official docs confirm this requirement. Run openclaw doctor --fix to convert any @username entries to their numeric equivalents automatically.
What happens when a user messages an OpenClaw bot with dmPolicy set to disabled?
Nothing, from the user's perspective. The message is silently dropped. Disabled mode drops all DMs without any response or error. The sender gets no indication that the bot exists or received their message.
Does disabling OpenClaw DM policy also disable group messages?
No. DM policy and group policy are independent systems. Setting dmPolicy: "disabled" only affects direct messages. Group messages continue to work under whatever groupPolicy you've configured, which is a separate field.
How do I find my Telegram numeric user ID for OpenClaw allowFrom?
Message @userinfobot on Telegram and it'll return your numeric user ID. You can also run openclaw doctor --fix if you've already added a @username entry, and it will convert it to the correct numeric ID. The allowFrom fix guide has the full walkthrough.
Can OpenClaw run different dmPolicy modes on Telegram and Discord at the same time?
Yes. Each channel has its own independent config block. You can set dmPolicy: "pairing" for Telegram, dmPolicy: "allowlist" for Discord, and dmPolicy: "disabled" for WhatsApp all in the same gateway config. OpenClaw Cheatsheet's per-channel docs show examples for all supported channels.
Evidence and methodology
Research for this article drew from OpenClaw's official Telegram channel docs, the security model reference, GitHub discussions #14250 and issues #12826 and #17741, and the r/openclaw open mode thread. OpenClaw Cheatsheet was used for per-channel config examples where official docs don't provide specifics.
Related resources
- Fix OpenClaw Pairing Required (1008): Approve Devices and DM Policy: troubleshooting the pairing handshake when the bot goes silent
- Fix OpenClaw Telegram allowFrom: User ID vs Username: step-by-step for finding numeric IDs and correcting allowFrom errors
- OpenClaw Doctor --fix: Every Flag, Warning Explained: full reference for the doctor command and what each check covers
- OpenClaw Security Audit Command: Run, Fix, and Automate: scheduling audits and interpreting output
- OpenClaw Security Hardening Playbook: 5 Steps to Lock It Down: full lockdown sequence for production gateways
Changelog
| Date | Change |
|---|---|
| 2026-03-09 | Initial publish |


