
🛡️ DM Policies Deep Dive

DM policies control who can talk to your agent. Get this wrong and strangers send commands to your AI. Get it right and you have a locked-down, trusted assistant. This guide covers every policy mode, per-channel overrides, and common mistakes.

Tags: Security · dmPolicy + groupPolicy · Critical configuration

⚠️ Why DM policies matter

Your OpenClaw agent can read files, execute commands, browse the web, and send messages. Anyone who can talk to your agent can potentially command it to do these things. DM policies are the front door lock.

⚠️ Real risk: Security researchers found 135,000+ exposed OpenClaw instances online. Many had dmPolicy: "open", meaning anyone could send commands. Don't be that person.

📋 DM policy modes

| Mode | Who can message | Risk | Use case |
|---|---|---|---|
| "pairing" | Anyone who completes the pairing code | 🟡 Medium | Default, good for personal use |
| "allowlist" | Only IDs in the allowFrom array | 🟢 Low | Locked-down production |
| "open" | Anyone | 🔴 High | ⚠️ Public bots only, with extreme caution |
| "disabled" | Nobody (DMs off) | 🟢 None | Groups-only bot |

🔗 Pairing mode (default)

Unknown senders receive a 6-digit pairing code. They're ignored until you approve:

# When someone DMs your bot, they get:
# "Send pairing code to continue: 482917"

# You approve from CLI:
openclaw pairing approve telegram 482917

# The sender is added to the local allowlist
# Codes expire after 1 hour

How it works:

  • Unknown sender messages the bot → bot replies with pairing code
  • You receive a notification (check logs or heartbeat)
  • You run openclaw pairing approve <channel> <code>
  • Sender is added to persistent allowlist
  • Pairing codes expire after 1 hour (configurable)
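The gate behaviour described by the mode table and the pairing steps above, as an added Python model written for this guide (it is not OpenClaw's own code): the four dmPolicy values decide whether a DM is delivered, ignored, or answered with a pairing code, and codes expire after one hour. The sender IDs and the injectable clock are constructed test inputs.

```python
import secrets
import time

PAIRING_TTL = 3600  # pairing codes expire after 1 hour (guide default)


class DmGate:
    """Toy model of one channel's dmPolicy gate (illustrative, not OpenClaw code)."""

    def __init__(self, policy, allow_from=(), clock=time.time):
        self.policy = policy
        self.allow_from = set(allow_from)   # persistent allowlist (allowFrom)
        self.pending = {}                    # sender -> (code, issued_at)
        self.clock = clock                   # injectable so expiry can be tested

    def handle(self, sender):
        """Decide what happens to a DM from `sender`.
        Returns ("deliver", None), ("ignore", None) or ("pair", code)."""
        if self.policy == "disabled":
            return "ignore", None
        if self.policy == "open":
            return "deliver", None           # anyone reaches the agent
        if sender in self.allow_from:
            return "deliver", None
        if self.policy == "allowlist":
            return "ignore", None            # unknown sender silently dropped
        # pairing mode: issue a 6-digit code and reuse it until it expires
        code, issued = self.pending.get(sender, (None, 0.0))
        if code is None or self.clock() - issued > PAIRING_TTL:
            code = f"{secrets.randbelow(10**6):06d}"
            self.pending[sender] = (code, self.clock())
        return "pair", code                  # the message itself is not delivered

    def approve(self, code):
        """Operator-side `openclaw pairing approve <channel> <code>`.
        Returns the sender now allowlisted, or None if no live code matches."""
        now = self.clock()
        for sender, (pending_code, issued) in list(self.pending.items()):
            if secrets.compare_digest(pending_code, code) and now - issued <= PAIRING_TTL:
                del self.pending[sender]
                self.allow_from.add(sender)
                return sender
        return None
```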

🔒 Allowlist mode

Only specific IDs can talk. Everyone else is silently ignored:

{
  "channels": {
    "telegram": {
      "dmPolicy": "allowlist",
      "allowFrom": ["123456789", "987654321"]
    },
    "whatsapp": {
      "dmPolicy": "allowlist",
      "allowFrom": ["+40712345678"]
    },
    "discord": {
      "dmPolicy": "allowlist",
      "allowFrom": ["discord_user_id"]
    },
    "signal": {
      "dmPolicy": "allowlist",
      "allowFrom": ["uuid:123e4567-e89b-12d3-a456-426614174000"]
    }
  }
}

💡 Finding your ID:
Telegram: message @userinfobot or check gateway logs
WhatsApp: your phone number with + country code
Discord: enable Developer Mode → right-click yourself → Copy User ID
Signal: UUID from pairing output (check logs for uuid:<id>)

🔴 Open mode (dangerous)

{
  "channels": {
    "telegram": {
      "dmPolicy": "open",
      "allowFrom": ["*"]
    }
  }
}

⚠️ Open mode lets ANYONE send commands to your agent. Only use this if you're building a public-facing bot AND you've locked down tools (no exec, no filesystem, no browser). Even then, consider using pairing mode instead.

If you must use open mode, also:

  • Disable exec tools entirely
  • Disable filesystem write access
  • Disable browser tools
  • Run in Docker sandbox
  • Set rate limits per sender

👥 Group policies

Group policies work separately from DM policies:

{
  "channels": {
    "telegram": {
      "groupPolicy": "allowlist",
      "groups": {
        "*": {
          "requireMention": true
        },
        "-100123456789": {
          "requireMention": false
        }
      }
    }
  }
}

| Setting | Purpose |
|---|---|
| groupPolicy | Controls which groups the bot responds in (allowlist, open, disabled) |
| groups.* | Wildcard: default settings for all groups |
| groups.<id> | Per-group override by numeric group ID |
| requireMention | If true, the bot only responds when @mentioned (prevents noise) |

🔀 Per-channel overrides

Each channel can have its own DM policy:

{
  "channels": {
    "telegram": { "dmPolicy": "pairing" },
    "whatsapp": { "dmPolicy": "allowlist", "allowFrom": ["+40712345678"] },
    "discord": { "dmPolicy": "disabled" },
    "slack": { "dmPolicy": "open" },
    "signal": { "dmPolicy": "allowlist", "allowFrom": ["uuid:abc123"] }
  }
}

This lets you run different security postures per channel: strict on Discord (public), open on Slack (trusted workspace).

🩺 openclaw doctor

The doctor command audits your DM policies and flags risky configurations:

openclaw doctor

# Example output:
# ⚠️  channels.telegram.dmPolicy is "open" — anyone can message
# ⚠️  channels.discord.dmPolicy is "open" with exec tools enabled
# ✅  channels.whatsapp.dmPolicy is "allowlist" (2 entries)
# ✅  channels.signal.dmPolicy is "pairing"

✅ Run openclaw doctor after every config change. It catches misconfigurations that leave your agent exposed.

🔧 Troubleshooting

| Problem | Fix |
|---|---|
| Bot doesn't respond to anyone | Check dmPolicy isn't "disabled". Check allowFrom has your ID. |
| Pairing code not received | Bot must be running. Check openclaw gateway status. Codes expire after 1 hour. |
| Wrong user ID format | Telegram: numeric only. WhatsApp: +country prefix. Signal: uuid:<id> format. |
| Bot responds to everyone in group | Set requireMention: true on the group. Bot only responds when @mentioned. |
| "not authorized" error | Your ID isn't in allowFrom. Check format matches (e.g., +40 vs 40 for WhatsApp). |
| openclaw doctor shows warnings | Fix each warning. Switch "open" to "pairing" or "allowlist" where possible. |
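The checks that the doctor output and the troubleshooting rows above describe (an "open" policy, an empty allowlist, a sender ID in the wrong format for its channel) as an added Python audit over a channels config. This is an illustration written for this guide, not the real openclaw doctor; the ID regexes, the default-policy assumption and the sample config are constructed.

```python
import json
import re

# Expected allowFrom formats per channel, from the guide's ID notes (assumed patterns)
ID_FORMATS = {
    "telegram": re.compile(r"^\d+$"),                   # numeric user ID only
    "discord": re.compile(r"^\d+$"),                    # numeric user ID (Developer Mode copy)
    "whatsapp": re.compile(r"^\+\d{6,15}$"),            # + country code prefix required
    "signal": re.compile(r"^uuid:[0-9a-fA-F-]{36}$"),   # uuid:<id> from pairing output
}
VALID_POLICIES = {"pairing", "allowlist", "open", "disabled"}

def audit(config):
    """Return (severity, message) findings for each channel's DM policy, in config order."""
    findings = []
    for name, ch in config.get("channels", {}).items():
        policy = ch.get("dmPolicy", "pairing")   # guide: pairing is the default mode
        allow = ch.get("allowFrom", [])
        path = f"channels.{name}.dmPolicy"
        if policy not in VALID_POLICIES:
            findings.append(("error", f"{path} has unknown value {policy!r}"))
        elif policy == "open":
            findings.append(("warn", f'{path} is "open": anyone can message'))
        elif policy == "allowlist":
            fmt = ID_FORMATS.get(name)
            bad = [e for e in allow if fmt and not fmt.match(e)]
            if not allow:
                findings.append(("error", f"channels.{name}.allowFrom is empty: bot ignores everyone"))
            for e in bad:
                findings.append(("error", f"channels.{name}.allowFrom entry {e!r} has wrong format"))
            if allow and not bad:
                findings.append(("ok", f'{path} is "allowlist" ({len(allow)} entries)'))
        else:
            findings.append(("ok", f'{path} is "{policy}"'))
    return findings

def audit_json(text):
    return audit(json.loads(text))

# Constructed sample config; the WhatsApp entry is missing its + prefix on purpose
SAMPLE = """{"channels": {
  "telegram": {"dmPolicy": "open", "allowFrom": ["*"]},
  "whatsapp": {"dmPolicy": "allowlist", "allowFrom": ["40712345678"]},
  "signal": {"dmPolicy": "allowlist", "allowFrom": ["uuid:123e4567-e89b-12d3-a456-426614174000"]},
  "discord": {"dmPolicy": "disabled"}}}"""

if __name__ == "__main__":
    for sev, msg in audit_json(SAMPLE):
        print(f"[{sev}] {msg}")
```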